Catching the Wave: The Tool and the Project

So the first question everyone asks is, what the heck *is* Wave? There’s been a lot of contradictory opinion about that, but the next several articles will try to provide a little perspective.

You have to keep in mind that Wave is two very different things, right out of the gate. First, it’s a new tool from Google, that is currently in an early alpha release. It’s buggy as all get out, and we’ll talk about that more later, but it’s improving rapidly. It is in a pure invitation-only mode right now, as most Internet tools start out — you have to get someone you know to give you an invitation. Those invites were rare as diamonds in the beginning (thanks to Michael Kleber for getting me an early one), but successive rounds of growth have made them a little easier to get.

Second, it’s a new open protocol. Google is trying to make something really new and different here: a new online ecosystem that is as pervasive and important as email or IM or the Web. They know that they can’t do that on their own: plain and simply, they’re not that deeply trusted. So they are fostering efforts to build alternative versions of these ideas, and to standardize server-to-server communications: the “let a thousand flowers bloom” approach. These other visions will come both in the form of open-source projects and commercial software — for an example of the latter, check out this announcement that Novell Pulse is planning to federate with Wave. (Thanks to Michael Kleber for pointing this out to me.)

So keep in mind that the current thing people will usually point to as “Wave” is just Google’s first-draft realization of these ideas. It was released a bit hastily (and perhaps a bit too early), and has lots of flaws, but this client is just scratching the surface here. There’s a lot of evolution yet to come here, both from Google and from other folks.

One thing Wave is not is email. In my opinion, Google did themselves a disservice by spreading the word that Wave is what email would be if it had been invented today, because it leads people to think of Wave as a new version of email. Put that out of your mind: the only thing Wave really has in common with email is that they are both conversational tools for sharing and collaboration. (Well, and they both have things called “Inbox”.) Wave has elements of email, but it also has elements of IM, forums and lots of other things.

An implication of that is that there actually isn’t all that much new about Wave, and a lot of people are dinging it for that. But that misses the point. Wave isn’t about radical new ideas, so much as it’s about a new way of combining a lot of old ideas. You’ll often hear it described as “Forums plus IM”, or “liveblogging plus email”, or something like that. It has elements of all of those, but the combination is what makes it interesting.

The discussion below will mostly be talking about Google Wave — that is, the initial Google client/server version. But the ideas here go far beyond Google, and much of the potential lies in what folks will do with both their tool and the larger architecture.

Next: The Nuts and Bolts

Catching the Wave: Prologue

This is a personal introduction from Justin. Many hands contributed to the following series — it was drafted in Wave itself, with lots of back-and-forth discussion — but this bit is my own perspective, so the reader can take my biases into account.

A month or two ago, thanks to my friend Michael, I got an invite to Google Wave; since then, I’ve been playing with it fairly heavily, getting a sense of what it is and what it does. It’s time to talk about that in detail. Those of you who have been curious about Wave, this is the series for you. This is going to be really, really long and in-depth, far moreso than most of the glossy overviews in the press, but I’m going to break it into lots of little articles on particular topics, one per day. I encourage you to share the URL around — this subject goes right to the heart of what this blog is about, and there’s a lot to say here.

(BTW: no, I don’t have any more invites. Sorry, but they went pretty fast, even limiting myself to people who I knew would dig into it seriously. If you ask around, they seem to be getting easier to obtain now.)

Disclaimer upfront: as many of you know, I’ve spent the past two years of my life mainly consumed by trying to build a system called CommYou. That was largely the inspiration for this blog: CommYou was all about fostering productive multi-tempo conversation online. It had a lot of cool ideas — it’s basically my attempt to create the conversation system I’ve always wanted. But it’s never made it past early alpha, because my standards are high: it’s actually in the middle of the second major rewrite now.

So you’ll understand my mixed feelings when I say that the most concise way to describe Wave is, “CommYou, only more ambitious”.

That’s over-simplified, of course: Wave isn’t trying to do *precisely* what CommYou does. But along the way, they wound up coming to remarkably similar conclusions about how you structure multi-tempo conversation in order to achieve serious collaboration. In particular, the look and feel of their conversation system, and the framing of how you present things to the user, are awfully close to CommYou’s.

The result is that I’m just now getting over a sense of frustration at having been “scooped”. The CommYou project is pretty well dead — I’m not dumb enough to try to compete head-to-head against a serious Google project.

That said, the purpose of CommYou was to produce my ideal conversation system. Wave currently has lots of flaws (which will be discussed at considerable length in later articles), but it comes closer than anything I’ve seen to date. So as I get past the frustration, I’m turning into quite a serious Wave evangelist — if I seem to complain a lot, it’s mostly because I can see how great this system will eventually be, and I’m impatient. This is the realization of a lot of the ideas I’ve had for some time now, and I’m hoping to see it evolve into a truly great system.

Hence, this series. Over the next few weeks, I’ll be discussing Wave in enormous detail, focusing less on the basic “what it looks like” (which you can find lots of articles about), and more on what’s really going on here, what Wave is good at, what it’s bad at, what you should be using it for, and particularly why this is going to become an absolutely indispensible tool once they get the bugs ironed out.

So join in, spread the word, ask questions and provide your insights, as we dive into Wave (which shall, henceforth, be the subject of altogether too many mixed metaphors).

As the rest of this series gets posted, I’ll be updating this article with links to the later ones. So bookmark this page, and it will serve as the table of contents for the rest.

Credits: lots of people have helped me with this series of articles. I’d like to especially thank Michael Kleber, Chad Bergeron, Alex Feinman and Anna Bradley, who have done much to help crystallize my thinking, as well as Jessica Polito, my wife Jane for proofreading, backboarding, and generally putting up with me, and Charley Sumner for organizing the first serious Wave I participated in that was about something other than self-referential navel-gazing about Wave itself.

Next time: okay, so what do we mean by “Wave”?

Table of Contents

Prologue

What is Wave?

• The Tool and the Project

Fake Identity, coming to a lawsuit near you

It’s been building for a while, but here’s the best example I’ve seen so far: a group of teens have been sued for impersonating another.  Basically, the four teens created a Facebook profile for their target, putting a lot of work into making it look real, and then used it to make their target look like a racist ass.  This probably isn’t unusual by now, but they went far enough to cause demonstrable harm to the kid, resulting in a defamation suit that sounds like it has a good chance of winning.

It does lead me to wonder where this is all going legally.  When we talk about “identity theft” today, we’re usually talking about schemes designed to steal your money or credit.  But this is a different sort of identity theft, perhaps even more damaging in the long run — taking control of your public profile and changing what people believe you to be.

I’m struck by the fact that, when this did turn into a lawsuit, the suit was defamation.  This seems to imply that the basic action of impersonation either isn’t illegal, or at least doesn’t result in a harsh enough punishment.  My gut says that it probably ought to be quite illegal, although my head says that it’s always difficult to write laws like this without pretty severe unintended consequences.

Opinions?  Do you think there should be harsh laws against this kind of identity theft — designed not to steal, but simply mislead?  Do you think it’s possible to write such a law well?  What sort of consequences is it likely to have?  I’m chewing this one over myself…

More on the legal limits of anonymity

Serves me right for letting myself get behind on my blog reading.

Yesterday, I talked about the need for clearer standards on when a publisher gives up an anonymous poster’s identity.  As it happens, there was progress on this front just a few days ago: Ars Technica posted a good article on almost this subject.  It’s not about blogging in this case, it’s about an apparently-false anonymous whistleblowing claim, but the basic principle is close — someone is claiming to have been defamed by an anonymous claim, and wants to find out who made the claim in order to sue them.

This time, the case apparently made it up to the appeals court, which has taken the contradictory previous decisions and attempted to craft a reasonable compromise.  The article gives the exact wording, but it basically boils down to requiring the plaintiff to demonstrate both that there are reasonable grounds and that they actually need the person to be unmasked.

So yay for intelligent judges, and at least a little progress towards laws and precedents that make sense in the modern age…

The inevitable limits to anonymity

I suspect that most folks will have heard about this, but I’ll refer my readers to this good article in SFGate about the “Skanks in NYC” case.  (Thanks to Aaron for the link.)

The short version: we’ve finally gotten a court case that came out with a ruling I’ve been expecting for a while, saying that there are limits to what you can get away with in blogging.  For a long time, there’s been a tacit assumption among many bloggers that they can say anything, and would be legally invulnerable — they saw that the system treated them as anonymous, and kind of figured that that meant they were untouchable.  This case ruled otherwise: it says that this particular blog crossed the line into defamation (at least, enough so to get a subpoena).  Moreover (and much more seriously), it ruled that Google has to turn over what records it has about the “anonymous” blogger.

Like I said, I’ve been expecting this.  The lines between blogging and publishing have long been blurry, and some blogs are obviously treading in libel territory.  I don’t see any real reason why the court would consider an op-ed column potentially libelous, while ignoring blogs like this.

Is it a good thing or bad?  Hard to say.  Anonymity does have its place, and is occasionally deathly critical; OTOH, 99% of uses of it (at least in the US) are simply venal.  IMO, this is an area where the law really needs to grapple with the problem seriously.  In particular, we need crystal-clear rules for when a “publisher” (such as Google in this case) can be coerced into turning over an anonymous poster’s information.  In this particular case I happen to think that it’s reasonable, but it’s the top of a slippery slope to more questionable requests.

In the meantime, keep in mind that your anonymity is not legally protected, at least not to an absolute degree.  So if it really matters, make sure that your tracks are well enough covered that the publisher’s contact information isn’t enough to track you down.

Opinions?  How do you feel about the legal lines here?  Is the demand to Google reasonable in this instance?  Where would you draw the line?

When does posting become publishing?

A news story made it onto the news wires yesterday, that illustrates one of the coming tensions in online communication — a real estate company is suing one of their tenants, who complained about the company on Twitter.

The case illustrates a tension that I expect to become ever-sharper in the next few years, between “conversation” and “publishing”.  Defamation suits are probably where the problem becomes most stark.

Say that I post something defamatory to my blog, which in this happy hypothetical universe has a hundred thousand readers.  As I understand it, it’s becoming fairly clear that the law thinks of that as “publishing”, and I’m just as legally liable as I would be if I published in a local newspaper.

Say that I say the same thing in a locked post on my LJ, visible only to my friends.  This is clearly a private conversation, not “published”.  It’s hard to predict the courts, but I find it unlikely that one would find this a matter worthy of a lawsuit, and I’d argue strongly that it shouldn’t.

Now, take the case at hand.  The post in question was to Twitter.  The woman reportedly only had 20 followers, and probably thought of this as a private conversation.  Indeed, a lot of people are laughing at the realty company, for turning a mountain into a molehill.  But their contention is that this was published to the public, and that’s kind of true: Twitter is a global feed, and lots of people mine it quite randomly.  So at least technically, it kind of was “publishing”.

So how do we draw the lines?  In an age where “conversations” can be visible to the whole web, and posts are just part of the larger conversation, what is publishing?  How can the courts distinguish between libel and simply someone spouting off to their friends?  It’s not a trivial matter — while the difference might be obvious at the gut level to you and me, the law likes clear lines, and I’m not seeing many of them.

I don’t have answers here, but I welcome thoughts on the matter.  It’s a problem that is likely to feed back into the technology and social conventions of online conversation — potential lawsuits are good for chilling free expression, so these lines really matter in practice…

Conversational Feedback

I’d like to spin off of a recent conversation over in dsr’s journal.  He pointed out that non-realtime online conversations suffer badly in terms of feedback: when you do something inappropriate, it takes a while to get feedback, and once the feedback does come, it tends to be in the form of a tsunami.  Siderea then pointed out some of the failings of text as a form of feedback in general, compared with face-to-face.

Okay, so let’s explore that a bit.  What could we provide to make feedback more effective?  To put it more specifically, what might CommYou do to provide good tools for social feedback?  It is probably impossible to make online feedback as effective as the face-to-face kind, but can we make it better than it usually is?

Let’s look at a few of the common problems:

• Text tends to have a different subject than face-to-face indications.  When someone does something inappropriate in person, I indicate *my* discomfort, and leave it to empathy to provide the feedback.  Textually, the point tends to be “You did something wrong”, which is a much sharper and more direct criticism.
• Text is often too blunt and explicit — it’s hard to say that someone has been inappropriate without stepping on social taboos and being rude yourself.
• In non-realtime conversations, when someone says something inflammatory, it tends to produce a response of “I Must Respond!” in all the readers.  Even if I know there are a lot of responses, which might already take this person to task, the desire to say something can be overwhelming.  By contrast, in a real face-to-face situation, everyone might start shouting at once, but it usually quickly dies down to one person making the point first and everyone else hearing it; this cuts down somewhat on the dog-pile effect.

So the question is, can we improve on this?  I have a few off-the-cuff ideas, but I don’t know if any of them are reasonable.  For instance:

• Provide built-in concepts for emotional expression that are subtler than text.  Shadings of color are potentially expressive, but not universal — they’d probably require social convention to have any effect. (Emoticons are essentially an attempt at this, and illustrate how hard the problem can be — they are often badly misused.)
• Roll up these expressions onto the message being reacted to, possibly as a single cumulative effect, to reduce the verbal onslaught.  (Slashdot kind of does this in its karma system.)
• Distinguish between “near-real-time” and “later” in conversation; (subtly?) discourage this sort of emotional feedback more as things go along, to avoid the syndrome of people beating the dead horse.

Of course, these are still in tension with the problem of “I” vs “You” — done naively, these still come across as “you did something wrong”, since they adhere to the posted message, whereas the ideal would seem to have a connotation of “I’m uncomfortable” instead.  I’m not sure how to express that notion of discomfort in a way that is as subtle but effective as facial expressions in real conversation. The heart of the problem is that (especially in non-realtime conversation) the rest of the audience doesn’t have a good way to provide the sort of ambient feedback they do face-to-face.

Ideas?  I think this is a terribly interesting problem, and I suspect there are a bunch of experiments worth trying. (Note that dsr has a couple of good ones in the linked conversation — I’m especially intrigued by the general notion of participants being able to add what amounts to typed metadata.)

Trust and Impersonation in social networks

[A quick meta-note upfront: I haven't been posting much lately, because I started a Real Nearly-Full-time Job a few weeks ago.  I'm continuing both CommYou and Art of Conversation, but my time is now much more limited.]

My friends mindways recently posted a link to an interesting but not surprising article about the growth of fraud in social networks.  The idea is quite simple: since Facebook verifies nothing but your email address, it is terribly easy to pretend to be someone else.

I’m not talking about fancy high-tech breaking of security here — it’s simply that, if I was to claim to be Bill Gates, how do you know that I’m not?  (In practice, a quick search turns up a bunch of them.)  More to the point, how do you know whether or not I’m your buddy Jim?  If I have Jim’s picture, and a little of the right biographical information on my profile, I sure look like Jim.  Do you vet your Facebook friends carefully, to see if they are who they say they are?  Would you even really have a way to do so, short of calling Jim and asking if he friended you on Facebook yesterday?

This is all the flipside of the “pseudonymity” question that comes up from time to time.  If you have a lot of persistent information online, that is all strongly linked together in a secure way, that counts as a fairly clear identity — perhaps not an identity linked back to the real world, but an identity.  OTOH, if all you have is a bunch of information about a real world identity, but no secure relationship between that and the online one, you don’t really have anything meaningful.  But most people are still used to thinking in terms of real names and faces, so the gut reaction is to believe the latter more than the former, even though it’s actually much easier to fake.

Curiously, I suspect that LiveJournal is actually less prone to this problem than Facebook is, precisely because it does not use your real name as your handle.  (And many/most people don’t use their picture for their icon.)  This preconditions people to be just a hair more suspicious: there isn’t the knee-jerk, “Oh, look — it’s Jim’s picture so it must be Jim.”  And on LJ, Who You Are is mostly determined by What You Say.  If you post a lot of things that only Jim would say, you’re probably Jim.  But just asserting your identity and friending people is more likely to make them suspicious: there is more burden of proof.

At least, that’s my guess.  I don’t know that anyone’s really studied the matter yet — it would be interesting to see what came out of such a study.

What do you think?  Have you found yourself more apt to simply friend someone on Facebook than on LJ, because they have the right user name and photo?  Do you think the rise of OpenID and other online-identity-linked mechanisms will gradually reduce this threat, by raising expectations of a deeper, richer and more consistent online profile?

Autopilot and Social Networking

I’m sure that, by now, you’ve all heard about Google’s new Autopilot extension to Gmail, which was announced today.  Obviously, Autopilot represents a major leap forward in conversation technology.  (Yes, yes — CommYou will begin letting users appply Autopilot to conversations, as soon as Google opens up the APIs.)

Let’s talk instead, though, about the potential of this technology for social networking.  Autopilot is doing a good job of easing the burden of conversation, by removing the need to read and reply to your email.  But really, that’s the easy bit.  Nowadays, the really challenging problems are all coming on the social networking side.

So I’m going to propose two products that I think Google should be working on.  (And given how fast the CADIE project is evolving, probably will have finished by tomorrow.)

First up is AutoNetwork.  This would monitor your existing social network, as well as all aspects of your real life, integrating your calendar, your phone calls and your emails to derive a complete picture of who you are and who you know.  (Google already knows all of this anyway, so it’s just a matter of putting the pieces together.)  Then, when you apply AutoNetwork to a given social network, it chooses who you should friend and who not.  It will automatically add friends, decline invitations from people you don’t know *that* well, and unfriend people who you really shouldn’t be talking to.  This will remove the burden of keeping track of your social network, by doing all the heavy lifting for you.  In release 2.0, it will decide which social networks you should be on in the first place.

Second is AutoTweet.  This is simply a logical extension of AutoPilot, aimed at broadcast media.  It will use its advanced heuristics to decide which elements of your life are worth talking about, summarize them, and post them automatically to Twitter.  On the other end, it will keep track of which tweets you’ve responded to in the past (as a measure of what you are interested in), and use that as a basis for filtering which ones from your friends you will see.  After a few days of evolving the heuristics, it will simply provide you with a running commentary of everything interesting that is happening to everyone you know, in realtime, in a convenient 140-character form.

While none of this was announced today, I think it is safe to assume that we’ll be seeing it by — oh, next Monday at the latest.   Given that CADIE already has her own blog and Twitter feed (granted, she needs a couple more days to evolve decent taste), they’re clearly moving in this direction already.

So I figure that, by around next Wednesday, the entire Internet will be taking care of itself, leaving us humans to ignore it and go back to focusing on the real world.  Really, it’s about time…

Information Shadows, and the Difficulty of Anonymity

Chris Herot wrote a very interesting short post yesterday, with some of the ideas coming out of Foo Camp East.  Some of it will be unsurprising to folks here (most of whom, I think, have long since lamented how inadequate the word “friend” is for most social networks), but there are some neat references.

One point isn’t exactly surprising, but worth noting nonetheless: see this PDF, which argues for a formalism of “information shadows”.  (The PDF is 74 pages, but it’s actually not very long — it’s essentially a slide show, in the breezy Head-First style.  The file is large, but it’s mostly pictures.)

The initial argument is that, as we move into a world of ubiquitous computing, it will become more and more essential to have data that corresponds to real-world objects, and therefore we need ways to refer to those objects.  It’s not rocket science — indeed, it’s almost exactly why the URI standard is as ridiculously flexible as it is — but he makes a good argument that steam engine time is here for this idea.

Stick around to the final third of the document, though, which is where it gets really interesting.  He generalizes the concepts of “serials” and “services”, and explores how real-world and digital concepts are mushing together, to produce new models of ownership that simply couldn’t work before ubiquitous computing.  While the facts contained in it are well-known, it shows that there are some new emergent concepts in the air, and we should start thinking about what we can really do with them.

Also, Chris points to a paper that I’m sure will disturb a lot of people here (although, again, I suspect many will be unsurprised).  De-anonymizing Social Networks demonstrates that, if you simply know that somebody is on two different anonymous social networks (they use Twitter and Flickr), you can relate their handles together with a decently high degree of confidence simply by analyzing the topology of the social graph.

I haven’t read the paper in detail yet, so I’m not sure how well it generalizes, but it does illustrate that our cozy notions of anonymity aren’t as secure as we might wish.  Modern data-mining techniques are powerful, and keeping multiple identities truly separate is harder than it looks…