Wave Postmortem

Naturally, I was off on vacation and away from most of the Internet when the news broke that Google was going to cancel Wave As We Know It.  (I love my Android phone, but it’s not really the tool for serious blogging.)  Lots of people have written about the topic, mostly along the lines of, “Wave was always a piece of junk”.  They’re wrong, but the fact is that Google managed to screw this one up in a lot of ways.  Let’s go through some of the problems, and their implications.

Lack of Patience: From what I can tell, Wave has been tossed to and fro based on management whimsy and panic; there doesn’t ever seem to have been a properly designed plan.

It was released very prematurely, when it was barely alpha-grade (and I suspect well before the engineers wanted it released), apparently because they wanted something to show off at Google I/O.  This meant that the development team had to spend the entire past year mostly firefighting, instead of doing the sort of hard and principled sanity-checking and redesign that it needed before public rollout.

And now they’re killing off the public project after scarcely a year: ridiculously too quickly for a product that they had sold as revolutionary.  Twitter is the exception, not the rule: most revolutions take years to percolate before finding mass-market acceptance.  (Think about ICQ, or Friendster, or Mosaic — the first version of a revolutionary idea is usually several years before it hits big.)

I’m coming to the conclusion that Google’s biggest problem right now is that they are being surprisingly clueless about how to manage new products.  Wave is a great product at its core, and Buzz a decent one, but both rollouts have been mismanaged on an epic scale.  If Google needs to fix one thing about the company, this is it.

Identity Integration: Everyone treats this as an afterthought, sometimes even something to be avoided for pure business reasons.  But it’s a huge problem, and Wave demonstrated why.

At initial rollout, Wave didn’t work with any existing identity system, not even Google’s own: you had to get a new “@googlewave.com” address to use it.  Even when they started to open things up, it only worked with Google IDs.

Frankly, this is dumb.  I understand Google’s motives for doing so — it’s technically a hair easier, and it encourages people into Google’s ecosystem — but it’s a foolish hurdle to put in front of a radical new tool that you are trying to get people to use.

The public is suffering a really bad case of identity fatigue: too many incompatible logins to manage.  Each one is a minor thing, but each one leads to an additional reaction of, “What, again?” when folks have to create another one.  In a perfect world, Wave should have been built on a generalized concept of identity that accepted, eg, Facebook logins, but at the very least it should have worked with OpenID and the rest of the open stack.  I remain extremely disappointed that Google put far less thought and effort into this problem than I did on my own for CommYou — you just can’t keep pulling this on the public and expect to win.

Lack of a Killer App: The biggest complaint about Wave has been the constant question, “What is it for?”, and I have to lay a lot of blame at Google’s feet for not answering that more clearly.

The thing is, Wave has multiple killer apps.  It is a brilliant co-editing system, easily the best tool I’ve ever encountered for group document development.  And while it’s a bit overweight, it is in many ways the best conversation tool I’ve found to date (aside from CommYou, of course), mixing realtime and asynchronous conversation smoothly.  In general, it’s a fine collaboration mechanism.

Either of those (and probably other stories) could have been a fine selling point — but Google dropped the ball.  Instead, they simply tossed it out with a vague and confusing “It will replace email!” (what?), and never pushed any motivating examples properly.  So it never developed the core audience that any tool needs in order to survive.

My sometime CTO Chris Herot has occasionally lectured me about the problem of Crossing the Chasm — taking a tool that is great and making it successful.  A key element of that is always the killer app: showing at least one core group of users that they can’t live without this thing.  Google simply assumed that others would do that job for them.  That was arrogant, frankly, and it didn’t work.

Bloated and Slow: Mind, this is a hard problem, and it’s a damned sophisticated tool.  But seriously: Wave runs kind of slowly even on Chrome, and doesn’t run at all on Internet Explorer.  (No, Chrome Frame is not an answer.)

That’s just plain unacceptable for a current web-based tool — again, it was kind of arrogant on Google’s part.  It’s especially unacceptable for a social tool, because social tools are all about critical mass.  If a large fraction of a community is unable to use the tool, that’s an enormous handicap, usually an insuperable one.  And much though Google might wish otherwise, a large fraction of the world is still IE-based.

I can sympathize with Google here, and cutting out IE6 is entirely reasonable at this point.  But not supporting at least the same browser set as Gmail was a serious mistake.  They need to trim down and optimize the UI to the point where it will run acceptably on the full range of modern browsers, if they actually want this stuff to ever be real; anything else is simply wishful thinking.

(The engineers in the audience might want to take note of a general lesson here.  Successful products usually follow the path of starting with a simple tool that implements a great idea, and then slowly expanding from there.  Wave did the opposite: it has a lot of pretty innovative ideas, but has proven to be a bit too ambitious for its own good, putting features ahead of the basics like broad compatibility.  I’d bet that, if you teased Wave apart into its component parts, there are half a dozen great products to be had there, that would be more successful.)

No Mobile Support: Similar to the above, but worth calling out separately, is the fact that there hasn’t yet been any practical way to interact with Wave on a smartphone.  Nowadays, that’s pretty much unacceptable.  I mean, how can you claim to be a replacement for email and not have a mobile solution?

Now let’s be clear: this is hard.  Really hard.  It’s arguably a fundamental design problem — the way Wave works, it really wants both a powerful machine and a big screen, because there is no obvious way to do the co-editing thing without it.

But really — Wave is, as much as anything, a conversation tool, and it is ridiculous that there is no lightweight and easy way to interact with the conversation.  Indeed, if Wave has a killer flaw, this is it.  The conversation mechanism looks and feels great (okay, I’m biased — it’s identical to CommYou), but is fundamentally tied into the co-editing.  A conversation is basically just a document that a bunch of people are co-editing together, and that means that there is no way into the conversation without all that co-editing weight.

This could probably be retro-fitted.  There needs to be a standard robot that monitors your waves and provides a two-way conversational bridge for them, an API for interacting with that, and an Android app that knows your Wave identity and talks to that robot.  A third party could have built that, and still could.  (Indeed, bits and pieces exist.)  But why would they?  This is core functionality, to make Google pieces talk to each other.  Google should have built it and publicized it properly, so that the hardcore members of the Google ecosystem — the sort of people who are mostly likely to use both Wave and Android — could work in a natural way.

Poor Business Support: I’ve spent most of the past year wishing desperately that I could use Wave at work.  Not a week goes past without us getting into some ridiculously nested email conversation with ten participants, where everybody is commenting on each other’s comments, nested five levels deep, using every color of the rainbow to try to distinguish each new set of comments from each other.  It’s idiotically painful, and Wave is precisely the right tool to do this instead: it excels at deep group conversations on a complex topic.

But I’ve been unable to even suggest that we use Wave: there’s no way it would fly.  Let’s get into some reasons why:

• No SLAs: serious businesses require service-level agreements.  We need to be able to count on a tool that is reliable, and Wave is nothing of the sort.  This isn’t surprising — it was released at alpha-quality, and even today it’s basically a beta.  But it’s no wonder that the business community hasn’t flocked to it, if we can’t take it seriously.
• No security assurances: I’m an engineer, and I get that nothing online is ever totally secure.  But Google hasn’t been willing to even put a stake in the ground about protecting my intellectual property, even to the degree that Salesforce does.  Without that, there’s no way I can go to my bosses and say that we should hold even casual business-related discussions there.
• No identity integration: okay, yes — it’s probably hopeless to wish that Google would provide a way to integrate with Active Directory.  But really, it’s a huge issue.  The above problems aside, my IT department is quite reluctant (with good reason) to add a completely parallel user-management system for the company: it’s a recipe for security problems, as well as simply a maintenance headache.

Of course, little of this is unique to Wave: these are common complaints about the Google ecosystem in an enterprise environment.  But it’s particularly acute this time around, because Wave is something new.  No Microsoft-centric shop is likely to use Gmail seriously, since MS is pushing Exchange at you so hard.  But MS has nothing even remotely like Wave, and it is a great business tool, so this would have been a great opportunity for Google to get their foot in the door.  Unfortunately, I think it’s been pretty much flubbed.

Next Steps: okay, so enough about the mistakes.  What comes next?

I’m going to stick my neck out and say: Wave is dead (well, dying); long live Wave.  There are actually a bunch of reasons for optimism.  Google has said that they will be repurposing the technology elsewhere, and that’s appropriate — most of the interesting bits of Wave are infrastructure.  I’ve argued for months that combining Wave’s conversational strength with a social network (eg, Buzz) would produce the first serious competitor to the LiveJournal platform.  So I hope that Google is smart about that: that they are finally getting serious about the crossing-the-chasm problem by integrating the Wave technology inside real apps.

On the downside, if they don’t replace the Wave Inbox in some smart way, that’ll hurt.  Inbox is one of Wave’s quiet strengths: a concise and very effective way to catch up on what’s been going on, whether you’ve been off having dinner or on vacation for weeks.  I do worry that, if Google uses the Wave infrastructure without providing Inbox or something like it, the system will lose half its usefulness.

Also, there’s probably a bit of brand poisoning here.  Frankly, Google handled this a bit clumsily: by killing off the main Wave project so publicly, I think they’re going to associate the whole thing in the public mind as a failure.  That would be a damned shame, since so many of the individual pieces are so right: the failure has been mostly a management one at Google, failing to put it all together correctly.

But the underlying Wave protocol is open, and I think is here to stay.  Competitors like Novell are already adopting it, as are open-source projects using Wave.  I hope that projects like the Wave Forum (an open-source effort I’m helping with, to build a truly great forum system on top of Wave) will simply change gears a bit and move forward whether Google is pushing things or not.

So: opinions?  Counter-arguments?  What are the problems that I’ve missed above?  What pieces of Wave do you think can and should be pulled out and reused?

Fake Identity, coming to a lawsuit near you

It’s been building for a while, but here’s the best example I’ve seen so far: a group of teens have been sued for impersonating another.  Basically, the four teens created a Facebook profile for their target, putting a lot of work into making it look real, and then used it to make their target look like a racist ass.  This probably isn’t unusual by now, but they went far enough to cause demonstrable harm to the kid, resulting in a defamation suit that sounds like it has a good chance of winning.

It does lead me to wonder where this is all going legally.  When we talk about “identity theft” today, we’re usually talking about schemes designed to steal your money or credit.  But this is a different sort of identity theft, perhaps even more damaging in the long run — taking control of your public profile and changing what people believe you to be.

I’m struck by the fact that, when this did turn into a lawsuit, the suit was defamation.  This seems to imply that the basic action of impersonation either isn’t illegal, or at least doesn’t result in a harsh enough punishment.  My gut says that it probably ought to be quite illegal, although my head says that it’s always difficult to write laws like this without pretty severe unintended consequences.

Opinions?  Do you think there should be harsh laws against this kind of identity theft — designed not to steal, but simply mislead?  Do you think it’s possible to write such a law well?  What sort of consequences is it likely to have?  I’m chewing this one over myself…

More on the legal limits of anonymity

Serves me right for letting myself get behind on my blog reading.

Yesterday, I talked about the need for clearer standards on when a publisher gives up an anonymous poster’s identity.  As it happens, there was progress on this front just a few days ago: Ars Technica posted a good article on almost this subject.  It’s not about blogging in this case, it’s about an apparently-false anonymous whistleblowing claim, but the basic principle is close — someone is claiming to have been defamed by an anonymous claim, and wants to find out who made the claim in order to sue them.

This time, the case apparently made it up to the appeals court, which has taken the contradictory previous decisions and attempted to craft a reasonable compromise.  The article gives the exact wording, but it basically boils down to requiring the plaintiff to demonstrate both that there are reasonable grounds and that they actually need the person to be unmasked.

So yay for intelligent judges, and at least a little progress towards laws and precedents that make sense in the modern age…

The inevitable limits to anonymity

I suspect that most folks will have heard about this, but I’ll refer my readers to this good article in SFGate about the “Skanks in NYC” case.  (Thanks to Aaron for the link.)

The short version: we’ve finally gotten a court case that came out with a ruling I’ve been expecting for a while, saying that there are limits to what you can get away with in blogging.  For a long time, there’s been a tacit assumption among many bloggers that they can say anything, and would be legally invulnerable — they saw that the system treated them as anonymous, and kind of figured that that meant they were untouchable.  This case ruled otherwise: it says that this particular blog crossed the line into defamation (at least, enough so to get a subpoena).  Moreover (and much more seriously), it ruled that Google has to turn over what records it has about the “anonymous” blogger.

Like I said, I’ve been expecting this.  The lines between blogging and publishing have long been blurry, and some blogs are obviously treading in libel territory.  I don’t see any real reason why the court would consider an op-ed column potentially libelous, while ignoring blogs like this.

Is it a good thing or bad?  Hard to say.  Anonymity does have its place, and is occasionally deathly critical; OTOH, 99% of uses of it (at least in the US) are simply venal.  IMO, this is an area where the law really needs to grapple with the problem seriously.  In particular, we need crystal-clear rules for when a “publisher” (such as Google in this case) can be coerced into turning over an anonymous poster’s information.  In this particular case I happen to think that it’s reasonable, but it’s the top of a slippery slope to more questionable requests.

In the meantime, keep in mind that your anonymity is not legally protected, at least not to an absolute degree.  So if it really matters, make sure that your tracks are well enough covered that the publisher’s contact information isn’t enough to track you down.

Opinions?  How do you feel about the legal lines here?  Is the demand to Google reasonable in this instance?  Where would you draw the line?

When does posting become publishing?

A news story made it onto the news wires yesterday, that illustrates one of the coming tensions in online communication — a real estate company is suing one of their tenants, who complained about the company on Twitter.

The case illustrates a tension that I expect to become ever-sharper in the next few years, between “conversation” and “publishing”.  Defamation suits are probably where the problem becomes most stark.

Say that I post something defamatory to my blog, which in this happy hypothetical universe has a hundred thousand readers.  As I understand it, it’s becoming fairly clear that the law thinks of that as “publishing”, and I’m just as legally liable as I would be if I published in a local newspaper.

Say that I say the same thing in a locked post on my LJ, visible only to my friends.  This is clearly a private conversation, not “published”.  It’s hard to predict the courts, but I find it unlikely that one would find this a matter worthy of a lawsuit, and I’d argue strongly that it shouldn’t.

Now, take the case at hand.  The post in question was to Twitter.  The woman reportedly only had 20 followers, and probably thought of this as a private conversation.  Indeed, a lot of people are laughing at the realty company, for turning a mountain into a molehill.  But their contention is that this was published to the public, and that’s kind of true: Twitter is a global feed, and lots of people mine it quite randomly.  So at least technically, it kind of was “publishing”.

So how do we draw the lines?  In an age where “conversations” can be visible to the whole web, and posts are just part of the larger conversation, what is publishing?  How can the courts distinguish between libel and simply someone spouting off to their friends?  It’s not a trivial matter — while the difference might be obvious at the gut level to you and me, the law likes clear lines, and I’m not seeing many of them.

I don’t have answers here, but I welcome thoughts on the matter.  It’s a problem that is likely to feed back into the technology and social conventions of online conversation — potential lawsuits are good for chilling free expression, so these lines really matter in practice…

Autopilot and Social Networking

I’m sure that, by now, you’ve all heard about Google’s new Autopilot extension to Gmail, which was announced today.  Obviously, Autopilot represents a major leap forward in conversation technology.  (Yes, yes — CommYou will begin letting users appply Autopilot to conversations, as soon as Google opens up the APIs.)

Let’s talk instead, though, about the potential of this technology for social networking.  Autopilot is doing a good job of easing the burden of conversation, by removing the need to read and reply to your email.  But really, that’s the easy bit.  Nowadays, the really challenging problems are all coming on the social networking side.

So I’m going to propose two products that I think Google should be working on.  (And given how fast the CADIE project is evolving, probably will have finished by tomorrow.)

First up is AutoNetwork.  This would monitor your existing social network, as well as all aspects of your real life, integrating your calendar, your phone calls and your emails to derive a complete picture of who you are and who you know.  (Google already knows all of this anyway, so it’s just a matter of putting the pieces together.)  Then, when you apply AutoNetwork to a given social network, it chooses who you should friend and who not.  It will automatically add friends, decline invitations from people you don’t know *that* well, and unfriend people who you really shouldn’t be talking to.  This will remove the burden of keeping track of your social network, by doing all the heavy lifting for you.  In release 2.0, it will decide which social networks you should be on in the first place.

Second is AutoTweet.  This is simply a logical extension of AutoPilot, aimed at broadcast media.  It will use its advanced heuristics to decide which elements of your life are worth talking about, summarize them, and post them automatically to Twitter.  On the other end, it will keep track of which tweets you’ve responded to in the past (as a measure of what you are interested in), and use that as a basis for filtering which ones from your friends you will see.  After a few days of evolving the heuristics, it will simply provide you with a running commentary of everything interesting that is happening to everyone you know, in realtime, in a convenient 140-character form.

While none of this was announced today, I think it is safe to assume that we’ll be seeing it by — oh, next Monday at the latest.   Given that CADIE already has her own blog and Twitter feed (granted, she needs a couple more days to evolve decent taste), they’re clearly moving in this direction already.

So I figure that, by around next Wednesday, the entire Internet will be taking care of itself, leaving us humans to ignore it and go back to focusing on the real world.  Really, it’s about time…

Information Shadows, and the Difficulty of Anonymity

Chris Herot wrote a very interesting short post yesterday, with some of the ideas coming out of Foo Camp East.  Some of it will be unsurprising to folks here (most of whom, I think, have long since lamented how inadequate the word “friend” is for most social networks), but there are some neat references.

One point isn’t exactly surprising, but worth noting nonetheless: see this PDF, which argues for a formalism of “information shadows”.  (The PDF is 74 pages, but it’s actually not very long — it’s essentially a slide show, in the breezy Head-First style.  The file is large, but it’s mostly pictures.)

The initial argument is that, as we move into a world of ubiquitous computing, it will become more and more essential to have data that corresponds to real-world objects, and therefore we need ways to refer to those objects.  It’s not rocket science — indeed, it’s almost exactly why the URI standard is as ridiculously flexible as it is — but he makes a good argument that steam engine time is here for this idea.

Stick around to the final third of the document, though, which is where it gets really interesting.  He generalizes the concepts of “serials” and “services”, and explores how real-world and digital concepts are mushing together, to produce new models of ownership that simply couldn’t work before ubiquitous computing.  While the facts contained in it are well-known, it shows that there are some new emergent concepts in the air, and we should start thinking about what we can really do with them.

Also, Chris points to a paper that I’m sure will disturb a lot of people here (although, again, I suspect many will be unsurprised).  De-anonymizing Social Networks demonstrates that, if you simply know that somebody is on two different anonymous social networks (they use Twitter and Flickr), you can relate their handles together with a decently high degree of confidence simply by analyzing the topology of the social graph.

I haven’t read the paper in detail yet, so I’m not sure how well it generalizes, but it does illustrate that our cozy notions of anonymity aren’t as secure as we might wish.  Modern data-mining techniques are powerful, and keeping multiple identities truly separate is harder than it looks…

Portable Contacts gets a big boost

I’ve mentioned the Portable Contacts (PoCo) project a few times in the past — it’s the group that is trying to do for contact lists what OpenID is doing for identity, allowing you to use a single contact list across the Web.

That’s been growing steadily in recent months, with a lot of small players and several mid-level ones picking up on it.  And as of yesterday, it’s gained another significant supporter: Google Contacts has begun to support PoCo.  This means that any PoCo-enabled app can now make use of contact lists from Google, if you give it permission to do so.

No, it’s not Facebook — if that ever happens, you’ll know that PoCo has well and truly won as a standard.  (Nor is it LJ, which matters most to a number of my readers here.)  But it’s a fine step in the right direction, moving from social-network “walled gardens” to a more open and consistent infrastructure…

Contacting your users in the Open Stack world

Here’s an interesting new problem for us conversation facilitators to deal with: what do you do when you are legally mandated to contact your users, and can’t?

This is inspired by a recent court ruling, described in Ars Technica.  The upshot here is a pretty reasonable decision: before revealing the identities of anonymous commenters who are being sued for defamation, the plaintiffs must make a good-faith effort to contact them and give them a chance to respond before they are outed.

The court said that posting on the message board in question should suffice, but I don’t expect that to hold up in the long run.  As we move towards more community-oriented and filtered communication systems, the fact is that posting something publicly just isn’t going to be a plausible way of getting the message through.

In a traditional system, there’s an obvious fallback position: require the messaging system to pass an email through to the users in question.  (Assuming the messaging system has some idea who these users are; if not, the case is meaningless.)  It does put more onus on the messaging provider than the current ruling does, but I won’t be surprised to see that happen.

But what if the users joined the system through OpenID?  In this case, there might well be no means of contacting those users other than partly outing them.  At the least, the front-line messaging system would have to bring the identity provider into the loop, and things could get complicated and messy.

It’s just an example, but it illustrates a tension that’s going to be coming up more in the coming days.  The new identity environment — especially the Open Stack — is all about spreading identity out, and making it easy to keep it a bit opaque.  But a lot of laws and customs assume that identity is fairly easy to penetrate.  I suspect we’re going to find all sorts of places where those come into conflict, especially as “publication” and “identity” become entirely separate functions.  Any bets on how messy things will get, or how far the law will fall behind reality?

The Rise of the Un-Person

On Friday, AllFacebook reported about current moves to kick convicted sex offenders off of social networks.  On the one hand, I understand the motivation behind this — people are terribly worried about online predation.  On the other hand, I’m increasingly disturbed by this trend.

As with most such, the beginning of the legal story was innocuous, or at least fairly sensible, with moves such as keeping convicted offenders away from schools.  This seems pretty rational on the surface, at least when well-applied, keeping them away from temptation and the danger away from kids.

But over time, the idea has expanded, and gradually become, if not always irrational, at least a lot less consistently grounded.  Some laws are requiring offenders to register publicly, so that parents can know about them.  Still justifiable, but shakier ground: everybody has to live somewhere, after all, and most places are somewhere near children, so the fact that they happen to be in the same neighborhood isn’t an indication of malign intent.  And it opens up a lot of likelihood of harassment of people who aren’t doing anything wrong.

(There are lots of other arguments as well, not least that the definition of “sex offender” is now very broad, covering everything from really scary predators to people who are just guilty of a dumb teenage mistake.  Not to mention the whole question of how we should treat someone who has genuinely reformed.  It’s thorny stuff.)

These new moves into the online space expand the argument even further.  It seems innocuous if you think of Facebook as simply a kids’ hangout where nothing important happens — on that logic, the risk is high and the cost in freedom low.  But that is, at best, a misinformed short-term view.

There seems to be little question that the online sphere matters more every year — indeed, almost every day at the moment.  Facebook is no longer just for kids: it and other social networks are increasingly crucial for everything from finding a job to staying in touch with your social circle.  On current trends, within ten years it’s going to be getting hard to have a life in this country without some social networking.

Which raises the question: what justifies cutting someone out of those networks?  Currently, it’s done casually, indeed sometimes frivolously by the network providers like Facebook.  But as these networks become ever-more important public utilities — as they become public space, as much so as the park you might go for a stroll in — it becomes a much more serious punishment, and one that can’t be applied arbitrarily.

Or to look at it another way: at what point does cutting someone out of the social web turn them into an Un-Person, whose life is more restricted than any released felon’s has been in the past hundred years?  We’re not there yet, but I can see that day coming.  And I believe we’re going to need to come to grips with the question soon…