Archive for March, 2009

Information Shadows, and the Difficulty of Anonymity

March 31, 2009

Chris Herot wrote a very interesting short post yesterday, with some of the ideas coming out of Foo Camp East.  Some of it will be unsurprising to folks here (most of whom, I think, have long since lamented how inadequate the word “friend” is for most social networks), but there are some neat references.

One point isn’t exactly surprising, but worth noting nonetheless: see this PDF, which argues for a formalism of “information shadows”.  (The PDF is 74 pages, but it’s actually not very long — it’s essentially a slide show, in the breezy Head-First style.  The file is large, but it’s mostly pictures.)

The initial argument is that, as we move into a world of ubiquitous computing, it will become more and more essential to have data that corresponds to real-world objects, and therefore we need ways to refer to those objects.  It’s not rocket science — indeed, it’s almost exactly why the URI standard is as ridiculously flexible as it is — but he makes a good argument that steam engine time is here for this idea.

Stick around to the final third of the document, though, which is where it gets really interesting.  He generalizes the concepts of “serials” and “services”, and explores how real-world and digital concepts are mushing together, to produce new models of ownership that simply couldn’t work before ubiquitous computing.  While the facts contained in it are well-known, it shows that there are some new emergent concepts in the air, and we should start thinking about what we can really do with them.

Also, Chris points to a paper that I’m sure will disturb a lot of people here (although, again, I suspect many will be unsurprised).  De-anonymizing Social Networks demonstrates that, if you simply know that somebody is on two different anonymous social networks (they use Twitter and Flickr), you can relate their handles together with a decently high degree of confidence simply by analyzing the topology of the social graph.

I haven’t read the paper in detail yet, so I’m not sure how well it generalizes, but it does illustrate that our cozy notions of anonymity aren’t as secure as we might wish.  Modern data-mining techniques are powerful, and keeping multiple identities truly separate is harder than it looks…

Portable Contacts gets a big boost

March 26, 2009

I’ve mentioned the Portable Contacts (PoCo) project a few times in the past — it’s the group that is trying to do for contact lists what OpenID is doing for identity, allowing you to use a single contact list across the Web.

That’s been growing steadily in recent months, with a lot of small players and several mid-level ones picking up on it.  And as of yesterday, it’s gained another significant supporter: Google Contacts has begun to support PoCo.  This means that any PoCo-enabled app can now make use of contact lists from Google, if you give it permission to do so.

No, it’s not Facebook — if that ever happens, you’ll know that PoCo has well and truly won as a standard.  (Nor is it LJ, which matters most to a number of my readers here.)  But it’s a fine step in the right direction, moving from social-network “walled gardens” to a more open and consistent infrastructure…

Fine- vs coarse-grained group management

March 24, 2009

There’s an interesting discussion going on over on the Portable Contacts mailing list right now, that seemed worthwhile to bring up here.

Portable Contacts (or PoCo for short) is the standard brewing up for how you share contact lists.  It fills a gap in the “Open Stack”, which already had things like OpenID for sharing your identity (so you can log into various places with a single ID) and OpenSocial (so you can plug various applications into your social network).  PoCo provides a standard way for you to let an application (or another social network) see who your friends are, so you can use your flist for various purposes.

(CommYou doesn’t yet support PoCo, but that’s solely because I haven’t gotten around to it yet — once I’m done with the current rearchitecting, it’s medium-high on the priority list.)

Anyway, today’s conversation brought up the point of how you share that flist.  Currently, it’s mostly being done all-or-nothing — you tell your social network that app A can see your flist, and it gets access to the whole thing.  Which works fine for me personally, but as was pointed out in the discussion, won’t work for everyone.  The point came up that your custom friend lists can and should be used to manage which contacts get exposed.

In particular, Martin Atkins argued for finer-grained access controls:

The sort of uses I’m imagining are, for example, importing my business contacts into LinkedIn without giving LinkedIn access to my personal contacts, or conversely pulling my close friends into without pulling in my business connections.

That makes sense, and while I tend to be fairly loose about letting my networks and identities slosh around between each other, I know that many of you are much more careful about it.

So I’m curious: how do you think you would approach these access controls?  Do you believe that you would use fine-grained controls, to make sure that certain apps only knew about a subset of your social network?  Do you think you’d do this generally, or only for certain apps and networks?  And do you see handling this differently between, say, LJ, Facebook and LinkedIn?
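One way a provider could enforce the group-scoped sharing discussed above, next to the all-or-nothing grant, as an added Python example that is not from the original post or the Portable Contacts project. The app names, grant table, `ALL` marker and function names are hypothetical, and the contact entries are constructed data that loosely follow the PoCo JSON shape.

```python
# Added example: group-scoped sharing of a contact list (not PoCo project code).
# Entries loosely follow the Portable Contacts JSON shape; all data is constructed.
CONTACTS = [
    {"id": "1", "displayName": "Alice Example", "tags": ["business"]},
    {"id": "2", "displayName": "Bob Example", "tags": ["close-friends"]},
    {"id": "3", "displayName": "Carol Example", "tags": ["business", "close-friends"]},
    {"id": "4", "displayName": "Dan Example", "tags": []},  # never put on any list
]

ALL = "*"  # hypothetical marker for the all-or-nothing grant

# Hypothetical per-application grants, recorded when the user consents.
GRANTS = {
    "business-network.example": {"business"},
    "photo-app.example": {"close-friends"},
    "legacy-app.example": {ALL},
}


def visible_contacts(app_id, contacts=CONTACTS, grants=GRANTS):
    """Return only the entries the user agreed to expose to app_id."""
    allowed = grants.get(app_id)
    if not allowed:  # unknown app or empty grant: deny by default
        return []
    result = []
    for entry in contacts:
        tags = set(entry.get("tags", []))
        if ALL in allowed:
            shared = dict(entry)
        elif tags & allowed:
            shared = dict(entry)
            # Do not reveal the names of lists the app was not granted.
            shared["tags"] = sorted(tags & allowed)
        else:
            continue  # untagged or out-of-scope contacts stay private
        result.append(shared)
    return result


def response_for(app_id):
    """Wrap the filtered entries in a PoCo-style response envelope."""
    entries = visible_contacts(app_id)
    # totalResults counts the filtered set, so the full list size is not exposed.
    return {"startIndex": 0, "itemsPerPage": len(entries),
            "totalResults": len(entries), "entry": entries}
```

A contact who sits on several lists is shared with an app only through the lists that app was granted, and a contact on no list is visible only under the all-or-nothing grant.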

Do you trust your identity provider?

March 11, 2009

In a comment to my post yesterday, dsr brought up a very good point: trust in identity providers.

Consider — at the moment, the vast majority of users aren’t even thinking about this, but they’re buying into this brave new identity world by default.  They don’t care about “unified identity” or anything like that: they’re just enjoying the fact that OpenID and Facebook Connect allow them to remember fewer passwords.

Yet this casual decision, of using your Facebook or LiveJournal or whatever account to log into other systems, may have profound effects down the line.  If you use a single identity more and more, across a broad swathe of the Net, it becomes you in some very important ways.  The possibility of losing that identity, or losing control of it, becomes ever-more painful and problematic.

Pseudonymity actually makes this much worse.  When you are known by your real name, you generally have multiple avenues for getting the word out if an identity goes away — if this email address croaks, you can go to your friends face to face and tell them.  But if you are only known to a community through a specific online pseudonym, moving to a new one is kind of problematic, since they don’t have good ways to verify the move.

There is a lot of implicit power being handed to these identity providers.  Millions of people are beginning to use their Facebook login as their One True Online Identity.  That gives enormous power to Facebook — indeed, it’s probably the one thing that justifies their preposterous stock valuation.  And few have given any thought to what it might mean to them if, a few years down the road, Facebook were to start slowly making use of that power.

So — do you trust your identity provider?  It’s pretty clear to me that I don’t trust any of the major ones very much — are there lesser-known companies that are structured in ways to make them less likely to be abusive?  And which are stable enough?  That’s the flip side of the problem: you need to trust your provider to not become evil, but you also need to trust it to keep your identity running.

It does all lead me to wonder if there’s another step yet to come, of a more robust, truly distributed identity system, that would not leave your identity in any single hands.  Hmm…

Contacting your users in the Open Stack world

March 10, 2009

Here’s an interesting new problem for us conversation facilitators to deal with: what do you do when you are legally mandated to contact your users, and can’t?

This is inspired by a recent court ruling, described in Ars Technica.  The upshot here is a pretty reasonable decision: before revealing the identities of anonymous commenters who are being sued for defamation, the plaintiffs must make a good-faith effort to contact them and give them a chance to respond before they are outed.

The court said that posting on the message board in question should suffice, but I don’t expect that to hold up in the long run.  As we move towards more community-oriented and filtered communication systems, the fact is that posting something publicly just isn’t going to be a plausible way of getting the message through.

In a traditional system, there’s an obvious fallback position: require the messaging system to pass an email through to the users in question.  (Assuming the messaging system has some idea who these users are; if not, the case is meaningless.)  It does put more onus on the messaging provider than the current ruling does, but I won’t be surprised to see that happen.

But what if the users joined the system through OpenID?  In this case, there might well be no means of contacting those users other than partly outing them.  At the least, the front-line messaging system would have to bring the identity provider into the loop, and things could get complicated and messy.

It’s just an example, but it illustrates a tension that’s going to be coming up more in the coming days.  The new identity environment — especially the Open Stack — is all about spreading identity out, and making it easy to keep it a bit opaque.  But a lot of laws and customs assume that identity is fairly easy to penetrate.  I suspect we’re going to find all sorts of places where those come into conflict, especially as “publication” and “identity” become entirely separate functions.  Any bets on how messy things will get, or how far the law will fall behind reality?

Invitations as Group Conversation

March 3, 2009

As I was RSVP’ing to a Facebook event invitation today, it occurred to me that the rise of online invite services is fundamentally changing the dynamic of party invitations.  In particular, it turns the invitation process itself into a rough and ready group conversation.

Consider: a traditional snail-mail invitation is mostly between each individual inviter and invitee.  Sure, the invitees might talk among themselves a bit — but often, they don’t even know who else has been invited.  So any conversation that happens is one-to-one and private.

In most of the online services, though, whether it be Evite or Facebook or whatever, there’s a lot more group knowledge and interaction.  By default, you can usually see everyone else who has been invited.  You can usually see who has accepted or declined — in many cases, you can even see why they did so.

This, in turn, has knock-on effects on the party, because the process is self-reinforcing.  If I see a lot of people who I like going to the party, I’m more likely to attend.  Contrariwise, if it’s been two days and nobody has RSVP’ed in the affirmative, I’m likely to pause and think about it myself — an intended 20-person party is less fun if only three people are going to show up.

The result is that the invitation mechanism becomes a simple dynamic system, with feedback loops driving it up or down.  That can be good or bad, depending on the circumstances, but it certainly changes the nature of the beast a little.  Statistically, it seems likely to make events a little more likely to succeed or fail big, rather than being simply “okay” in the middle.

Effectively speaking, the invitation becomes a conversation.  (Sometimes explicitly, as in the case of the Wall for a Facebook Event.)  Instead of being a purely individual decision, the group interacts more to decide whether this is something that “we” are going to do.

Opinions?  This is purely anecdotal, and I can’t say I’ve tried to gather concrete evidence for it, but it’s the way I react at a gut level: who else is coming does influence my decision a bit.  Do you find the same?  Are there countervailing forces in this little dynamic system?  Are we going to see new rules of etiquette, as Emily Post confronts these effects?

The weak link in the spam war is always people

March 1, 2009

I always appreciate clever spam, at least aesthetically — it may be evil, but evil-and-smart isn’t quite as irritating as evil-and-stupid.

In this particular case, it was a comment in The Art of Conversation, which hit my moderation filter a few minutes ago.  The comment itself is simple but well-designed to stroke the ego: “Just passing by. Btw, your website have great content!”  (Okay, so they blew their English roll.  But that’s not unusual in the blogosphere.)  I actually contemplated approving the comment, but the sheer generic-ness of it made me pause an extra second.  And that pause was long enough to actually look at the signature — which is, of course, a link to a make-money-fast scheme.

I hadn’t previously realized that I don’t pay much attention to signatures, but somewhere along the line I clearly started tuning them out.  Going to have to be more careful about that in the future.

And there’s an important general point here: automated tools can only do so much in the fight against spam.  There was nothing technically sophisticated about this particular attempt to place spam in my blog, just a little smart social engineering.  They appealed to my ego, betting that I wouldn’t read the rest of the message closely enough to realize I was being used.  And they almost got me, despite my being pretty sensitive to these ploys.

What have you been seeing lately?  Has anything new and different from the spammers caught your eye?