Tag Archive for 'data'

Platform growth over user privacy

Published on January 18, 2011 in DataPortability, Privacy and social computing, with 0 Comments. Tags: , , , , , , .

Facebook announced that data about yourself (like your phone number) would now be shared with applications. Since the announcement, they’ve backed down (and good work to ReadWriteWeb for raising awareness of this).

I’ve been quoted in RWW and other places as saying the following:

“Users should have the ability to decide upfront what data they permit, not after the handshake has been made where both Facebook and the app developer take advantage of the fact most users don’t know how to manage application privacy or revoke individual permissions,” Bizannes told the website. “Data Portability is about privacy-respecting interoperability and Facebook has failed in this regard.”

Let me explain what I mean by that:

This first screenshot is what users can do with applications. Facebook offers you the ability to manage your privacy, where you even have the ability to revoke individual data authorisations that are not considered necessary. Not as granular as I’d like it (my “basic information” is not something I share equally with “everyone”, such as apps who can show that data outside of Facebook where “everyone” actually is “everyone”), but it’s a nice start.

http:__www.facebook.com_settings_?tab=applications

This second screenshot, is what it looks like when you initiate the relationship with the application. Again, it’s great because of the disclosure and communicates a lot very simply.
Request for Permission

But what the problem is, is that the first screenshot should be what you see in place of the second screenshot. While Facebook is giving you the ability to manage your privacy, it is actually paying lipservice to it. Not many people are aware that they can manage their application privacy, as it’s buried in a part of the site people seldom use.

The reason why Facebook doesn’t offer this ability upfront is for a very simple reason: people wouldn’t accept apps. When given a yes or no option, users think “screw it” and hit yes. But what if they did this handshake, they were able to tick off what data they allowed or didn’t allow? Why are all these permissions required upfront, when I can later deactivate certain permissions?

Don’t worry, its not that hard to answer. User privacy doesn’t help with revenue revenue growth in as much as application growth which creates engagement. Being a company, I can’t blame Facebook for pursuing this approach. But I do blame them when they pay lipservice to the world and they rightfully should be called out for it.

Delicious will go down as one of the great tragedies

Published on December 17, 2010 in social computing, with 2 Comments. Tags: , , , .

As Marshall Kirkpatrick eloquently wrote, I’m also another person disappointed that Yahoo! is shutting down Delicious, the social bookmarking site that helped generate the Web 2.0 trend. But this reflects a deeper problem at Yahoo.

How Yahoo’s spreadsheets miss the point
As a “heavy” user myself, it may be ironic to say that I never visit the site; I often will not bookmark a site for month’s. And yet, it hits me like a shot to the heart to hear that it will be shut down. Why? Because it’s so valuable to me. The amount of times I’ve been able to rediscover content I’ve previously read has alone made it valuable — the tagging innovation that Del.icio.us pioneered makes my search for hard-to-recall content much more efficient. But there was even a time, where the most popular links of delicious were my homepage: the quality of the content being shared justified my daily attention in the same way other aggregators have to me like how techmeme.com have.

In fact, I’ve recently rediscovered this as I experiment with the Rockmelt browser, and I check the most popular links via the widget on the side of my browser.

Delicious via Rockmelt

But notice how I don’t visit the website? I might see what links are popular, but that doesn’t mean I will click on them. I don’t visit the actual delicious website and so the metrics the Yahoo management are reviewing are skewed. If advertising is on the site (the only type of revenue model attempted), it would not convert much. They believe no one is using the service, but the truth is, they are.

I never thought the “network” operating model could suffer due to the fact metrics measuring value can’t be quantified. So it’s completely reasonable why a Yahoo management team thinks it time to shut down this service: low on traffic, low on revenue. Numbers in the spreadsheet say this is a loss: let’s kill it, says the MBA.

What we have here though is a management team who not only are out of touch with how people use delicious (potentially because they don’t get the vision that only the founder truly gets — and he’s long gone), but more important, completely misunderstand how to capture the value of this valuable asset (not property). As a point in comparison, Yahoo acquired the other Web2.0 darling Flickr, which is a service I also have been using for over 5 years. And when I say using, I mean a paying customer that has paid his subscription without hesitation every year (which I will note, there are not many services I pay for which makes this even more impressive). Like Delicious, I store data with Flickr that I may not use for a while — but the way it manages my data has become an invaluable tool for my life.

I worry more about Yahoo and any company it acquires
Yahoo’s management should have implemented a subscription model like Flickr, because it’s obvious that a “book marking” site will never get a lot of a traffic (you can book mark sites without having to need to visit delicious.com). Tools like this don’t make money from traffic; and network business models like this generate value beyond the confines of the web property.
With the news breaking, it will now force an action. Either sell it to people who have now seen their cards (in fact, I’ve had friends of mine not in tech ask me how can they put an offer for this!), open-source it (like how Google reacted when etherpad was going to be shut down), or shut it down as they said they want to and lose the opportunity to capture its value. Of course, they could publicly announce they won’t shut it down, but everyone now knows what they think and it will kill the service due to new users being paranoid about their data. Yahoo! gains nothing with this.

But the sad thing about this, is that it’s forced them to ignore the opportunity of potentially being more innovative with the revenue model. And because they failed to do this, this impacts the company more generally — monetisation is key to sustainability and if you have a management that can’t do that (which presumably, is the reason it’s being shut down), then there’s something even more wrong with this new age media company that as Jeff Jarvis has called, has become the last old-media company.

Yahoo is an amazing company, and companies need to make tough decisions sometimes to grow the company. But not understanding the potential of Delicious will go down in web history as one of the great tragedies — and if Yahoo sells it, one of its biggest blunders.

Update: And just as I clicked “save” on this post, the Delicious blog posted saying they are now going to “sell” it as it’s not a strategic fit, which as I mentioned in my post was one of the likely outcomes. So if it’s not a strategic fit, it begs the question again, what is Yahoo?

Another scandal about data breaches shows the unrealised potential of the Internet as a network

Published on December 13, 2010 in DataPortability and Privacy, with 0 Comments. Tags: , , , .

The headlines today show a data breach of the Gawker media group.

Separately, I today received an email from a web service that I once signed up to but don’t use. The notice says my data has been compromised.

Deviant Art community breach

In this case, a partner of deviantART.COM had been shared information of users and it was compromised. Thankfully, I used one of my disposable email addresses so I will not be affected by the spammers. (I create unique email addresses for sites I don’t know or trust, so that I can shut them off if need be.)

But this once again raises the question: why did this happen? Or rather, how did we let this happen?

Delegated authentication and identity management
What was interesting about the Gawker incident was this comment that “if you logged in via Facebook Connect, in which case you’ll be safe.”

Why safe? For the simple reason that when you connect with Facebook Connect, your password details are not exchanged and used as a login. Instead, Facebook will authenticate you and notify the site of your identity. This is the basis of the OpenID innovation, and related to what I said nearly two years ago that it’s time to criminalise the password anti-pattern. You trust one company to store your identity, and you reuse your identity in other companies who provide value if they have access to your identity.

It’s scandals like this remind us for the need of data interoperability and building out the information value chain. I should be able to store certain data with certain companies; have certain companies access certains types of my data; and have the ability to control the usage of my data should I decide so. Gawker and deviantART don’t need my email: they need the ability to communicate with me. They are media companies wanting to market themselves, not technology companies that can innovate on how they protect my data. And they are especially not entitled for some things, like “sharing” data with a partner who I don’t know or can trust, and that subsequently puts me at risk.

Facebook connect is not perfect. But it’s a step in the right direction and we need to propel the thinking of OpenID and its cousin oAuth. That’s it, simple. (At least, until the next scandal.)