thoughts and observations of a privacy, security and internet researcher, activist, and policy advisor

Wednesday, October 31, 2007

The Social Graph, Google, Privacy, and Usability

The discussion about developing open standards for social networking has accelerated drastically since Brad Fitzpatrick's piece on the "Social Graph" was published (more correct would be "social network", as Dave Winer reminds us monkeys). The idea is to have a set of common standards and interfaces for exchanging data across platforms. The usual reasoning in favour of this has two variants:
  • "I don't want to have to connect to all my friends again when I enter a new social networking platform." (usability argument)
  • "We have to move beyond the 'silos' and 'walled gardens'. Open standards will level the playing field for smaller companies and users alike." (moral argument)
When Brad got hired by Google in August, other companies like Facebook became nervous. Facebook had been leading social networking innovation with the possibility for everybody to develop applications that run on top of their system. For a while, Google has been leaking bits and pieces on their competing project dubbed "Maka-Maka" ("friend"), which was said to "out-open" Facebook.

Now, John Battelle has published a draft press release on this which Google intended to publish tomorrow. Maka-Maka is now - more soberly - called "OpenSocial", and it consists of a set of application programming interfaces (APIs) that are supposed to work across platforms:
The release of OpenSocial marks the first time that multiple social networks have been made accessible under a common API to make development and distribution easier and more efficient for developers. (...)

The OpenSocial APIs give developers access to the data needed to build social applications: access to a user's profile, their friends, and the ability to let their friends know that activities have taken place.
Brian Oberkirch gives a short summary:
Think of it as a social network data roaming agreement.

Marc Andreessen has a more detailed description of how OpenSocial works, and he also informs us that the partners that are already on board with Google in this project include Google's own Orkut, LinkedIn, Hi5, Friendster,, Oracle, iLike, Flixster, RockYou, and Slide.

As far as I understand this from the technical side, it is not about overcoming the silos, but just about making access to them from other silos easier. So it sits somewhere in the middle between closed platforms like MySpace on the one hand and social networking standards that work completely out in the open, like XFN or FOAF, on the other. It will also make life easier for identity aggregators like Spock or ClaimID. And of course it will make life hard for those startups that have already been working on a protocol for more fully decentralized social networks, like the German NoseRub.

There are a number of things that need more in-depth consideration here.

Soren G. asks:

1) What is Google getting out of this, besides slowing down Facebook and MySpace by giving developers a larger field to develop for? Is there information they will be gathering on my activities at all the various sites that they will use in their ad program?

2) Do all these groups have to update their user agreements for this to take place? Do they all already cover this kind of thing for happening, or are there lots of behind the scenes changes to user agreements going on?

Good questions, indeed. Mike Masnick at Techdirt has already answered the first one:
If it works well, Google could conceivably then build a similar ad offering on top of multiple networks of information, and it would also serve to protect Google somewhat from the faddish nature of social networks, as it wouldn't matter if one particular network declined as another gained prominence -- as long as they're all using these standards.
Both questions also point at the privacy implications of this development, and the second one is especially relevant here. But as I already mentioned in my previous post, the real issue does not lie in individual users giving consent to the platforms they use to share (some of) their data with the outside world. The real issue is: if this data is about social relations - friends, colleagues, contacts etc. - every one of their friends would have to agree to have the information shared, as it is also about them. I illustrated this in a few talks I gave with the example of XFN. If Alice and Bob are a couple, Alice could link to Bob's website with some meta-information:
<a href="" rel="sweetheart">Bob</a>
While this looks ok at first sight, I would want Alice to ask Bob before she does this, as he might not want everybody in the world to know that they are friends. It of course becomes more obvious if you consider Eve linking to Bob like this:
<a href="" rel="affair">Bob</a>
As long as the issue of consent by both ends of a social link is not adequately addressed in an open social networking platform, it will remain a serious problem. Pamela Dingle puts it more bluntly:
Call me crazy, but isn’t a “master social graph” without any reference to consent or control from the user really just internet-scale involuntary identity aggregation? I don’t care whether the “social graph” is in fashion or not, I sure as hell hope that I can opt out if I so choose.
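The point about consent at both ends of a link, as an added example (not code from the original post or from the XFN specification): a small Python check that reads rel values from pages and separates relationship claims that both sides publish from claims only one side asserts. The URLs and page contents are constructed, and treating a matching back-link as consent is an assumption of this sketch.

```python
from html.parser import HTMLParser

# Constructed sample pages (hypothetical URLs), keyed by each page's own URL.
# "affair" is the post's illustrative value; it is not in the XFN vocabulary.
PAGES = {
    "https://alice.example/": '<a href="https://bob.example/" rel="sweetheart met">Bob</a>',
    "https://bob.example/": '<a href="https://alice.example/" rel="sweetheart">Alice</a>'
                            '<a href="https://news.example/" rel="nofollow">news</a>',
    "https://eve.example/": '<a href="https://bob.example/" rel="affair">Bob</a>',
}

# rel tokens that describe the link itself, not a relationship to a person.
NON_SOCIAL = {"nofollow", "noopener", "noreferrer", "external"}


class RelLinks(HTMLParser):
    """Collect (href, rel-token) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        attr = dict(attrs)
        href, rel = attr.get("href"), attr.get("rel")
        if not href or not rel:
            return
        for token in rel.lower().split():  # rel is a space-separated list
            if token not in NON_SOCIAL:
                self.links.append((href, token))


def claims(pages):
    """Return every (source, target, rel) statement published by the pages."""
    found = set()
    for source, html in pages.items():
        parser = RelLinks()
        parser.feed(html)
        found.update((source, target, rel) for target, rel in parser.links)
    return found


def split_by_consent(pages):
    """Split claims into (mutual, unilateral): a claim is mutual only if
    the target page makes the same statement back about the source."""
    all_claims = claims(pages)
    mutual = {c for c in all_claims if (c[1], c[0], c[2]) in all_claims}
    return mutual, all_claims - mutual
```

On the sample pages, only the "sweetheart" statement that Alice and Bob both publish counts as mutual; Alice's "met" and Eve's "affair" are statements about Bob that he never made himself.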
JG comments on an even more important structural problem with linking the walled gardens or silos:

[M]aybe the walls around the gardens are not just there to enrich the owners of the garden. Maybe the walls are there to preserve the quality of the garden itself. Sometimes I want a clean separation to exist between various social networks in which I participate. Not because there is anything that goes on in one network that I am afraid of folks finding out on another network. It's just that, when I log on to LinkedIn, I really do not want to be bitten by a Facebookian "zombie" application. Nor do I want to start giving $1 icon gifts to my professional contacts (or getting them, either, for that matter).

This is basically what the idea of privacy as "contextual integrity" is about. Professional networks are built at LinkedIn or Xing, party and music related networking happens at MySpace, and students connect to each other at StudiVZ. While most of the information in these platforms may not be secret or sensitive, there is a reason people do different things on different platforms. I mean, when I go out for a beer with my friends, I also dress in a different way than at a professional conference. Nothing is secret about this, but we play different roles in different contexts, and the kind of relations we build or the ways we express ourselves are different. This is in fact a good thing for society, because it allows functional differentiation and thereby more complex societies than people used to be able to develop when everybody lived in small villages. This goes against the "moral argument" for open social networking data exchange and the assumption that openness is always good.

But there is also a buried "usability" issue with this, because connecting previously separate contexts can make your life much harder. This is nicely illustrated by efforts similar to OpenSocial, but for 3D virtual worlds. The NYT blog reported a few weeks ago:

I.B.M. and Linden Lab, the creator of Second Life, think it’s time to free the avatars. (...) The two companies are announcing plans to develop open standards that will allow avatars to roam from one virtual community to the next. The goal is let a person create a digital alter-ego that can travel to many virtual worlds, keeping the same name, look and even digital currency. The companies speak of “a truly interoperable 3D Internet.” Think of it as passports for avatars. So that pink-headed cutie you made for Second Life can also take up residence in, The Lounge, Virtual Laguna Beach and Entropia, for example.

Nicholas Carr had a great reply titled "Can I bring my flame thrower into Second Life?":

I'm not sure that IBM and Linden have fully thought through the consequences of bringing the globalization ethic to the virtual realm. About five minutes after the gates come down, all the residents of Second Life will have been made the slaves of powerful Warcraft clans. Peace-loving cyber-utopias will see their unnatural resources strip-mined by invading tribes. Economies will collapse, currencies turn to dust. Corporate headquarters - like the one IBM has in Second Life - will be looted and burned.

The funny part he is missing is of course this one: The Warcraft warriors looting the IBM headquarters in Second Life may be played by first-life IBM employees, and their co-warriors can find out about this because of OpenSocial. Now, that opens up a whole new avenue of social research on what happens if social contexts are conflated!

Saturday, October 27, 2007

Security and Privacy Issues in Social Networks

The European Network and Information Security Agency (ENISA) has released its first issue paper with the very timely title "Security Issues and Recommendations for Online Social Networks". The authors distinguish four groups of threats: privacy related threats, variants of traditional network and information security threats, identity related threats, and social threats. They give a number of recommendations for governments (oversight and adaptation of existing data protection legislation), companies that run such networks, technology developers, and research and standardisation bodies. Most of the text looks pretty thought-through and very up to date at first glance. For example, they recommend not banning social networking sites at schools, but making sure that pupils are adequately educated to use them.

What concerns me is the recommendation to use automated filters against "offensive, litigious or illegal content". This brings potential freedom of speech issues. European Digital Rights has just started a campaign against a similar recommendation by the Council of Europe.

The text also addresses the issue of portability of profiles and the recent discussion around the social graph. But the authors, like many others, fail to address the central point: Information about social links is not only about one user, but also about the others to whom he is linked. They have to agree if this information is moved to different platforms.

Thursday, October 11, 2007


The privacy field is currently in the hot phase of a paradigm shift. You can tell this from the multitude of new conceptual terms that pop up almost weekly. I already wrote about "wikisurveillance" and the concept of "Limited Liability Personae", and the identity management folks currently have a hot debate about the "Identity Oracle".

Now, Michael Zimmer has coined the term "netaveillance". It is based on Helen Nissenbaum's theory of "privacy as contextual integrity". He is trying to grasp the information flows among users of web 2.0 platforms, and he does this based on a thoughtful discussion of other terms:
What seems to be emerging is a new form of voyeuristic surveillance of people’s everyday lives, fueled by Web 2.0. This has been referred to varyingly as “lateral surveillance,” “peer-to-peer surveillance” or even as a new kind of “participatory panopticon.” Yet these terms – and the theories embedded within them – seem insufficient to fully grasp the significance of the emergence of this new voyeurism of the mundane. Surveillance, via its etymology, implies the “watching over” of subjects from above, with an explicit power relationship between the watchers and those placed under its gaze. Trying to describe surveillance as “peer-to-peer” suggests a flattening of the power relationship that is counter to its very definition. Similarly, the notion of a “participatory panopticon” is at the same time redundant and contradictory. Foucault revealed how panoptic power becomes internalized by the subjects, thus, they necessarily “participate” in their own subjugation. Yet the top-down power relationship within the panoptic structure remains. The participation by the subjects in their own surveillance does not make them equal with the watchers in a panoptic model. Yet the informational voyeurism associated with Web 2.0 seems to imply a balance between the users: one shares their data streams in order to improve the overall worth of the network, coupled with the presumption that they’ll be able to observe and leverage others’ streams as well.

This notion resembles that of “equiveillance,” a state of equilibrium between the top-down power of surveillance, and the resistant bottom-up watching of sousveillance. Yet, these concepts imply merely a balance in access to surveillance information, and is focused more on how to reach some kind of harmonious relationship with our rising surveillance society. With the informational voyeurism of Web 2.0, however, the goal isn’t to resist or come to terms with the power yielded by traditional surveillance, but rather to participate in a widespread and open sharing of the mundane details of one’s daily life. To give one’s peers a glimpse into one’s own personal universe.

These snapshots of the minutia of people’s lives have been compared to the Japanese concept of “neta”, the tidbits of people’s lives that are shared with family and friends as a kind of social currency.
The full manuscript is here, the accompanying slides are here.

I rate this as a "must read" for everybody interested in Web 2.0 and privacy. (Now, how do I put this into a Facebook minifeed?)

Wednesday, October 03, 2007

Wikisurveillance, or: Big Brother is "You"

From the lexicon of new surveillance terms. Michael Arntfield writes this on the Identity Trail:
I define wikisurveillance as the manner in which the community at large has been seduced by, or at the very least summarily acceded to, the idea of watching, recording, reporting, and even the expectation, or exhibitionism, of being watched, as the new de facto social contract for the post-industrial age.
On a related note, one of the Dutch Big Brother awards winners is "You". It apparently took a while until the 1984 phrase "Big Brother is you, watching" by Mark Crispin Miller gained enough salience.

I still don't buy this hype and over-simplification. When the person of the year was declared "you" last year by Time magazine, this also met solid criticism. And cultural studies have shown again and again that people don't just give everything away in Web 2.0 and elsewhere, but instead are really conscious about what they publish and how they shape their public identities. Instead of throwing privacy out with the bathwater, we should think about control or informational self-determination as its new paradigm, instead of zero knowledge or anonymity as the normal expectation in the old one. But of course, if you want to give users / citizens control, they have to have the possibility of anonymity in the first place.

And yes, the last paragraph was full of references, but blogs are not academic articles, after all.
Look them up yourself. And then put them in the comments, please.

Identity Trends: Possible Futures

Kaliya Hamlin has posted a very interesting presentation "The Future of the Convergence of Internet-scale Identity Systems" from a recent workshop at Digital Identity World. It shows the most important outcomes of a scenario planning exercise organized by the Identity Commons Working Group on Future Trends. They tried to look into the future a bit further than the next takeover by Oracle or the next interconnectivity demonstration between OpenID and XYZ. It really makes you think.

Some bits from the presentation as a teaser:
Anonymity in even indoor “public” places (coffee shops) has been destroyed by cheap and portable face recognition tools.

Government-issued becomes meaningless as millions of fake ids circulate - illegal immigrants driver forgery market.

DNA on Dating sites prevents potentially bad genetic matches before you start dating.

Networks of Trusted Individuals Compete with Corporations as Players in Identity Dependent Transactions.
Keep in mind that they only speak about a "range of possible futures", so if you don't like any of these, try to create a different one. As Alan Kay said: "The best way to predict the future is to invent it."

Here are many more potential future scenarios and more info on the full process they used.