Archive for the 'DataPortability' Category

Platform growth over user privacy

Facebook announced that data about yourself (like your phone number) would now be shared with applications. Since the announcement, they’ve backed down (and good work to ReadWriteWeb for raising awareness of this).

I’ve been quoted in RWW and other places as saying the following:

“Users should have the ability to decide upfront what data they permit, not after the handshake has been made where both Facebook and the app developer take advantage of the fact most users don’t know how to manage application privacy or revoke individual permissions,” Bizannes told the website. “Data Portability is about privacy-respecting interoperability and Facebook has failed in this regard.”

Let me explain what I mean by that:

This first screenshot is what users can do with applications. Facebook offers you the ability to manage your privacy, where you even have the ability to revoke individual data authorisations that are not considered necessary. Not as granular as I’d like it (my “basic information” is not something I share equally with “everyone”, such as apps who can show that data outside of Facebook where “everyone” actually is “everyone”), but it’s a nice start.

[Screenshot: http://www.facebook.com/settings/?tab=applications]

This second screenshot is what it looks like when you initiate the relationship with the application. Again, it’s great because of the disclosure, and it communicates a lot very simply.

[Screenshot: Request for Permission]

The problem is that the first screenshot should be what you see in place of the second screenshot. While Facebook is giving you the ability to manage your privacy, it is actually paying lip service to it. Not many people are aware that they can manage their application privacy, as it’s buried in a part of the site people seldom use.

Facebook doesn’t offer this ability upfront for a very simple reason: people wouldn’t accept apps. When given a yes or no option, users think “screw it” and hit yes. But what if, when they did this handshake, they were able to tick off what data they allowed or didn’t allow? Why are all these permissions required upfront, when I can later deactivate certain permissions?

Don’t worry, it’s not that hard to answer. User privacy doesn’t help with revenue growth as much as application growth, which creates engagement. Being a company, I can’t blame Facebook for pursuing this approach. But I do blame them when they pay lip service to the world, and they rightfully should be called out for it.
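To make the difference between the two handshakes concrete, here is an added example (not Facebook’s code, and not from the original post) that models the yes/no prompt next to a tick-box prompt, with the platform enforcing whatever was granted. The permission names, the app name and the profile data are hypothetical.

```python
from dataclasses import dataclass, field

# Constructed profile; permission names and the app name are hypothetical.
PROFILE = {"basic_info": {"name": "Alice"}, "phone": "+00 0000 0000",
           "friends": ["Bob", "Carol"]}

@dataclass(frozen=True)
class Permission:
    name: str
    required: bool  # True when the app cannot work without it

@dataclass
class Grant:
    app: str
    scopes: set = field(default_factory=set)

def all_or_nothing(app, requested, accept):
    """Yes/no handshake: one click covers every requested permission."""
    return Grant(app, {p.name for p in requested}) if accept else None

def granular(app, requested, ticked):
    """Handshake with tick boxes: the user chooses before any data flows."""
    ticked = set(ticked)
    unknown = ticked - {p.name for p in requested}
    if unknown:  # never grant more than the app asked for
        raise ValueError(f"not requested: {sorted(unknown)}")
    if {p.name for p in requested if p.required} - ticked:
        return None  # an essential permission was declined: no relationship
    return Grant(app, ticked)

def revoke(grant, requested, name):
    """Later management (the settings page): only optional permissions can go."""
    if any(p.name == name and p.required for p in requested):
        raise ValueError(f"{name} is required; remove the app instead")
    grant.scopes.discard(name)

def read(grant, name):
    """Platform-side enforcement: release a field only if its scope was granted."""
    if grant is None or name not in grant.scopes:
        raise PermissionError(name)
    return PROFILE[name]
```

With the yes/no handshake the phone number is readable from the first request until the user finds the settings page; with the tick-box handshake it is never released unless the user opts in.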

Another scandal about data breaches shows the unrealised potential of the Internet as a network

The headlines today show a data breach of the Gawker media group.

Separately, I today received an email from a web service that I once signed up to but don’t use. The notice says my data has been compromised.

Deviant Art community breach

In this case, information about users had been shared with a partner of deviantART.COM, and it was compromised. Thankfully, I used one of my disposable email addresses, so I will not be affected by the spammers. (I create unique email addresses for sites I don’t know or trust, so that I can shut them off if need be.)

But this once again raises the question: why did this happen? Or rather, how did we let this happen?

Delegated authentication and identity management
What was interesting about the Gawker incident was this comment that “if you logged in via Facebook Connect, in which case you’ll be safe.”

Why safe? For the simple reason that when you connect with Facebook Connect, your password details are not exchanged and used as a login. Instead, Facebook will authenticate you and notify the site of your identity. This is the basis of the OpenID innovation, and related to what I said nearly two years ago that it’s time to criminalise the password anti-pattern. You trust one company to store your identity, and you reuse your identity in other companies who provide value if they have access to your identity.
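The flow described above, as an added example that is not Facebook Connect’s or OpenID’s actual wire format: the provider checks the password and hands the site a signed, short-lived assertion, and the site’s account table never contains anything derived from the password. The shared HMAC key, the claim names and the site name are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, os, time

# Assumption: a key agreed between provider and site when the site registered.
SHARED_KEY = os.urandom(32)

def _sign(body):
    mac = hmac.new(SHARED_KEY, body.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()

def make_provider_user(password):
    """Provider-side record: salt plus a slow password hash."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def provider_login(users, username, password, audience, nonce, now=None):
    """Identity provider: the only party that ever sees the password."""
    salt, stored = users[username]
    attempt = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    if not hmac.compare_digest(attempt, stored):
        return None
    claims = {"sub": username, "aud": audience, "nonce": nonce,
              "exp": int(now or time.time()) + 300}
    raw = json.dumps(claims, sort_keys=True).encode()
    body = base64.urlsafe_b64encode(raw).decode()
    return f"{body}.{_sign(body)}"

def site_accept(assertion, audience, nonce, accounts, now=None):
    """Relying site: verify signature, audience, nonce, expiry; keep only 'sub'."""
    try:
        body, sig = assertion.split(".")
    except (AttributeError, ValueError):
        return None
    if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
        return None  # not issued by the provider, or altered in transit
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["aud"] != audience or claims["nonce"] != nonce:
        return None  # issued for another site, or a replay of an older login
    if claims["exp"] < int(now or time.time()):
        return None
    # The site's record has no password column to leak in a breach.
    accounts.setdefault(claims["sub"], {"comments": []})
    return claims["sub"]
```

The site still holds a key here, so a breach of the site could let someone forge logins to that one site; deployments that verify with the provider’s public key avoid even that.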

It’s scandals like this that remind us of the need for data interoperability and for building out the information value chain. I should be able to store certain data with certain companies; have certain companies access certain types of my data; and have the ability to control the usage of my data should I decide so. Gawker and deviantART don’t need my email: they need the ability to communicate with me. They are media companies wanting to market themselves, not technology companies that can innovate on how they protect my data. And they are especially not entitled to some things, like “sharing” data with a partner who I don’t know or can’t trust, and that subsequently puts me at risk.

Facebook Connect is not perfect. But it’s a step in the right direction and we need to propel the thinking of OpenID and its cousin OAuth. That’s it, simple. (At least, until the next scandal.)

On Google and Facebook

Mike Melanson interviewed me today over the whole Facebook vs Google standoff. He wrote a nice piece that I recommend you read, but I thought I would expand on what I was quoted on to give my full perspective.

To me, there is a bigger picture battle here, and it’s for us to see true data interoperability on the Internet, of which this is but a minor battle in the bigger war.

I see a strong parallel between global trade and data portability on the web. Like in the days of restrictive trade tariffs that have been progressively demolished with globalisation, the ‘protectionism’ being cried out by each party of protecting their users is but a hollow attempt to satisfy their voters in the short term, which are the shareholders of each company. This tit-for-tat approach is what governments still practice with trade and people-travel restrictions, but which at the end of the day hurts individuals in the short term but society as a whole in the longer term. It doesn’t help anyone; it only gives companies (and as we’ve seen historically, governments) a short-term sigh of relief.

You only have to look at Australia, which went from having some of the highest trade tariffs in the world in the ’70s to being one of the most open economies in the world by the ’90s. The effect of this is that it made it one of the most competitive economies in the world, which is part of the reason that of all the OECD countries during the recent financial crisis, it managed to be the only economy not to fall into recession. Companies, like the economies governments try to protect, need to be able to react to their market to survive, and they can only do that successfully in the long term by being truly competitive.

The reality is, Facebook and Google are hurting the global information network, as true value unlocks when we have a peered privacy-respecting interoperability network. The belief that value is interpreted as who holds the most data, is a mere attempt to buy time for their true competitive threat — the broader battle for interoperability — which will expose them to compete not on the data they acquired but on their core value as a web service to use that data. These companies need to recognise what their true comparative advantage is and what they can do with that data.

Google and Facebook have improved a lot over the years with regards to data portability, but they continue to make the mistake (if not in words, then in actions) of treating locked-in data as the value. Personal information acquired by companies loses value with time: people’s jobs, locations, and even email accounts change over time and are no longer relevant. What a site really wants is persistent access to a person so they can tap into the more recently updated data, for whatever they need. What Google and Facebook are doing is really hurting them, as they would benefit by working together. Having a uniform way of transferring data between their information network silos ensures privacy-respecting ways that minimise the risk for the consumer (which they claim to be protecting), and the liberalisation of the data economy means they can in the long term focus on their comparative advantage with the same data.