thoughts and observations of a privacy, security and internet researcher, activist, and policy advisor

Wednesday, October 31, 2007

The Social Graph, Google, Privacy, and Usability

The discussion about developing open standards for social networking has accelerated drastically since Brad Fitzpatrick's piece on the "Social Graph" was published (more correct would be "social network", as Dave Winer reminds us monkeys). The idea is to have a set of common standards and interfaces for exchanging data across platforms. The usual reasoning in favour of this has two variants:
  • "I don't want to have to connect to all my friends again when I enter a new social networking platform." (usability argument)
  • "We have to move beyond the 'silos' and 'walled gardens'. Open standards will level the playing field for smaller companies and users alike." (moral argument)
When Brad got hired by Google in August, other companies like Facebook became nervous. Facebook had been leading social networking innovation with the possibility for everybody to develop applications that run on top of their system. For a while, Google has been leaking bits and pieces on their competing project dubbed "Maka-Maka" ("friend"), which was said to "out-open" facebook.

Now, John Batelle has published a draft press release on this which Google intended to publish tomorrow. Maka-Maka is now - more soberly - called "OpenSocial", and it consists of a set of application programming interfaces (APIs) that are supposed to work across platforms:
The release of OpenSocial marks the first time that multiple social networks have been made accessible under a common API to make development and distribution easier and more efficient for developers. (...)

The OpenSocial APIs give developers access to the data needed to build social applications: access to a user's profile, their friends, and the ability to let their friends know that activities have taken place.
Brian Oberkirch gives a short summary:
Think of it as a social network data roaming agreement.

Marc Andreessen has a more detailed description of how OpenSocial works, and he also informs us that the partners that are already on board with Google in this project include Google's own Orkut, LinkedIn, Hi5, Friendster,, Oracle, iLike, Flixster, RockYou, and Slide.

As far as I understand this from the technical side, it is not about overcoming the silos, but just making access to them from other silos easier. So it is kind of in the middle between closed platforms like MySpace on the one hand and social networking standards that work completely out in the open like XFN or FOAF. It will also make life easier for identity aggregators like Spock or ClaimID. And of course it will make life hard for those startups that have already been working on a protocol for more fully decentralized social networks, like the German NoseRub.

There are a number of things that need more in-depth consideration here.

Soren G. asks:

1) What is Google getting out of this, besides slowing down Facebook and MySpace by giving developers a larger field to develop for? Is there information they will be gathering on my activities at all the various sites that they will use in their ad program?

2) Do all these groups have to update their user agreements for this to take place? Do they all already cover this kind of thing for happening, or are there lots of behind the scenes changes to user agreements going on?

Good questions, indeed. Mike Masnick at Techdirt has already answered the first one:
If it works well, Google could conceivably then build a similar ad offering on top of multiple networks of information, and it would also serve to protect Google somewhat from the faddish nature of social networks, as it wouldn't matter if one particular network declined as another gained prominence -- as long as they're all using these standards.
Both questions also point at the privacy implications of this development, but the second one is especially relevant for this. But as I already mentioned in my previous post, the real issues do not lie in the individual users giving consent to the platforms they use to share (some of) their data with the outside world. The real issue is: If this data is about social relations - friends, colleagues, contacts etc. - everybody of their friends would have to agree to have the information shared, as it is also about them. I illustrated this in a few talks I gave with the example of XFN. If Alice and Bob are a couple, Alice could link to Bob's website with some meta-information:
href="" rel="sweetheart"
While this looks ok at first sight, I would want Alice to to ask Bob before she does this, as he might not want everybody in the world to know that they are friends. It of course becomes more obvious if you consider Eve linking to Bob like this:
href="" rel="affair"
Until the issue of consent by both ends of a social link is not adequately addressed in any open social networking platform, it will be a serious problem. Pamela Dingle puts it more bluntly:
Call me crazy, but isn’t a “master social graph” without any reference to consent or control from the user really just internet-scale involuntary identity aggregation? I don’t care whether the “social graph” is in fashion or not, I sure as hell hope that I can opt out if I so choose.
JG comments on an even more important structural problem with linking the walled gardens or silos:

[M]aybe the walls around the gardens are not just there to enrich the owners of the garden. Maybe the walls are there to preserve the quality of the garden itself. Sometimes I want a clean separation to exist between various social networks in which I participate. Not because there is anything that goes on in one network that I am afraid of folks finding out on another network. It's just that, when I log on to LinkedIn, I really do not want to be bitten by a Facebookian "zombie" application. Nor do I want to start giving $1 icon gifts to my professional contacts (or getting them, either, for that matter).

This is basically what the idea of privacy as "contextual integrity" is about. Professional networks are built at LinkedIn or Xing, party and music related networking happens at MySpace, and students connect to each other at StudiVZ. While most of the information in these platforms may not be secret or sensitive, there is a reason people do different things on different platforms. I mean, when I go out for a beer with my friends, I also dress in a different way than at a professional conference. Nothing is secret about this, but we play different roles in different contexts, and the kind of relations we build or the ways we express ourselves are different. This is in fact a good thing for society, because it allows functional differentiation and thereby more complex societies than people used to be able to develop when everbody lived in small villages. This goes against the "moral argument" for open social networking data exchange and the assumption that openness is always good.

But there is also a buried "usability" issue with this, because connecting previously separate contexts can make your life much harder. This is nicely illustrated by efforts similar to OpenSocial, but for 3D virtual worlds. The NYT blog reported a few weeks ago:

I.B.M. and Linden Lab, the creator of Second Life, think it’s time to free the avatars. (...) The two companies are announcing plans to develop open standards that will allow avatars to roam from one virtual community to the next. The goal is let a person create a digital alter-ego that can travel to many virtual worlds, keeping the same name, look and even digital currency. The companies speak of “a truly interoperable 3D Internet.” Think of it as passports for avatars. So that pink-headed cutie you made for Second Life can also take up residence in, The Lounge, Virtual Laguna Beach and Entropia, for example.

Nicholas Carr had a great reply titled "Can I bring my flame thrower into Second Life?":

I'm not sure that IBM and Linden have fully thought through the consequences of bringing the globalization ethic to the virtual realm. About five minutes after the gates come down, all the residents of Second Life will have been made the slaves of powerful Warcraft clans. Peace-loving cyber-utopias will see their unnatural resources strip-mined by invading tribes. Economies will collapse, currencies turn to dust. Corporate headquarters - like the one IBM has in Second Life - will be looted and burned.

The funny part he is missing is of course this one: The Warcraft warriors looting the IBM headquarters in Second Life may be played by first-life IBM employees, and their co-warriors can find out about this because of OpenSocial. Now, that opens up a whole new avenue of social research on what happens if social contexts are conflated!


Anonymous Anonymous said...

nice article, thanks

1/11/07 11:13

Anonymous Anonymous said...

Welcome to goooossip :)

thx for the interesting article. I think it is very important to think about privacy issues. As mentioned above I am willing to share different information in specific context.

It is good to see the author is not painting black opensocial since it is coming from google. OpenSocial is an interesting tool for social communities - what the article shows is we need an ethical dicussion how to deal with "societies" online or in other words an Socialcommunity Ethic Manual.

2/11/07 21:12

Anonymous Anonymous said...

Oh Mann... :-)

4/11/07 23:22

Anonymous Anonymous said...

Hi Ralf - ich bin da in den letzten Wochen auch reingestolpert, unter dem Thema "Social Search".

Jon Kleinberg hat auf der letzten KDD Konferenz ein Präsentation gegeben, die (zum Ende hin) einige der Privacy-Probleme ganz gut aufzeigt:

Bestens und Happy 2008,
Ralf G.

6/1/08 21:04

Anonymous Dwight said...

Thank you, very interesting article. Nice depth.

10/10/08 15:02


Post a Comment

Links to this post:

Create a Link

<< Home