Clients – Stay N Alive

Privacy is Not an On and Off Switch – "Do Not Track" is Not the Answer

Victoria Salisbury wrote an excellent blog post today on “Who’s Creepier? Facebook or Google?“.  I’ve been intrigued by the hypocrisy over criticism of Facebook’s own very granular privacy controls when sites like Google, Foursquare, Gowalla, Twitter, and others have an all-or-nothing approach with some things (location and email in particular) that are even more private than anything Facebook is currently making available at the moment (if you want some good examples read Kim Cameron’s blog).  The fact is that Facebook, despite the amount of private data available, will always be my last resort as a hacker when I want to track data about an individual online due to the granular control of data available, and lack of default public data.  However, despite all this, even Facebook isn’t at the ideal place right now in terms of privacy. The fact is my private data is still enclosed on Facebook’s servers, and with that, there will always be some level of risk in storing that data, no matter where it is.  So what’s the solution?

Browsers such as Mozilla and Chrome are now beginning to implement “fixes” around this problem of tracking data about users across online services (note my article on how even Wall Street journal is tracking data about users), called “Do not track.”  The extension, or in some cases native browser functionality, seeks to give users the option of completely turning off the ability for sites to track a user around the web, removing any personalization of ads and in some cases the removal of ads completely from the browsing experience.  This experience is fine and dandy – it gives the user an option.  But as my friend Louis Gray puts it, “all it does is ensure off-target ads with a crappy experience.”  It is clear an on and off approach is the wrong approach, and I fear those behind these extensions and browser integrations are missing out on an important opportunity.

So where can we go from here if “Do Not Track” is not the answer?  The answer lies in the problem I stated above – the problem being that individual user information is being stored on 3rd party servers, without the control of users and assumed risk of relying on a 3rd party.  We saw this as Facebook made a temporary mistake earlier in 2010 when they launched Instant Personalization on 3rd party websites along with other 3rd party website features, but in doing so accidentally opened up a majority of their users private information with little notice to users (I did get an email warning of the change, however).  Facebook quickly fixed the privacy problem with even better privacy controls than before, but by that point the damage was done.  It was proof positive that there is huge risk in storing private information on 3rd party websites.  The advice I give to customers and users and news organizations in interviews I give is, “if you’re not okay sharing it with the world, don’t share it at all, regardless of privacy controls.”  It’s an on or off solution at the moment, and I’m afraid there are no better choices.

There is a solution though.  Chrome, and Firefox, and IE, and every browser out there should be working towards this solution.  We need to take the granular controls that sites like Facebook provide, and put them in the browser.

Awhile back I spoke of a vision of mine I call “the Internet with no login button.”  The idea being that using open technologies (we already have Information Cards, for instance), the more private information about users can be stored in the browser, reducing the risk of that information being shared by accident with 3rd party websites.  Rather than something like Facebook Connect (or Graph API), for instance, a browser-driven version of OpenID would control the user authentication process, identify the user with a trusted provider (Facebook, Google, Religious institutions, Government institutions, you choose), and then be able to retrieve private information about individuals directly from the browser itself.

The fact is I already use tools to do some of this.  1Password, for instance, allows me to keep a highly encrypted store of my passwords, credit card, and other data on my hard drive and provide that data, as I choose, to the websites I visit.  A browser-native experience like this would make this process automatic.  I would specify which sites I give permission to have my data – name, address, phone number, email, location data, etc. – and I would also be able to choose what users have access to that data.  I could then choose to store my more public data on services such as Facebook and elsewhere, with the same option to still store it on my own hard drive if I choose.  With such a fine-tuned integration my more private information is completely in my own control.  My browser controls access to the data, not any 3rd party website or developer.

At the same time keys could be given to 3rd party websites to store my data on their servers.  In order to render that data, they need my computer’s permission to render the data.  The solution is not quite evident yet, but some how a trusted, separate service should be able to provide the permissions to render that data, and when that permission is revoked, all data, across all 3rd party websites, becomes disabled.  Or maybe just a few sites become disabled.  The goal being control is completely handled by the user, and no one else.  Maybe sites get disabled by my browser sending a “push” to the sites, forcing their data of mine to delete completely off their servers (or render useless).

Chrome and Mozilla have a huge opportunity here, and it’s not to provide an on or off switch for privacy.  I should be able to decide what information I want to be able to provide to ads displayed to me, and that data shouldn’t come from Facebook, Twitter, or Google.  My browser should be controlling that access and no one else.  Privacy belongs on the client.

I’m afraid “Do Not Track”, in the browser or by government, is no the answer.  There are better, much more granular solutions that browsers could be implementing.  It is time we spend our focus on a dimmer, not an on-and-off switch, for the open, world wide web.  I really hope we see this soon.

With the New Design, Twitter Kills RSS, Literally

The blogosphere is abuzz lately about the latest trend: “RSS is Dead,” everyone says.  Other blogs say “RSS isn’t dead.” (of which side I tend to agree with).  The debate lies with the fact that more and more people are starting to use Twitter, Twitter lists, Facebook, and other social means to just get the news from the streams they follow on these sites rather than typical RSS Readers like Google Reader.  For instance, even on my own Google Reader shares, you can get them right on my @jesseslinks Twitter stream if you don’t ever want to touch Google Reader (yet I’m still using Google Reader to provide those to you).  Whatever side you agree with, I just discovered one thing we’ll all be able to agree with: at least on its own site in the new design, Twitter has quite literally killed RSS.  Into thin air it’s gone in the new UI.

I talked previously about Twitter increasingly becoming less and less open and more and more a walled garden.  Facebook itself just added RSS to its feeds for Facebook Pages and opened its database so you can reformat their content, so long as users approve, in any way you like.  It appears, as no surprise, Twitter is moving in the opposite direction.  In the new design I can’t find an RSS feed anywhere.  Previously there was a link to the lower-right allowing you to add an RSS feed.  They also had a link to the RSS in the source of the HTML so your browser would automatically recognize the feed, and just entering the URL for the user profile into Google Reader, they could automatically detect the feed for you.

Currently the only way to find an RSS feed is to log out and visit the profile of the user when you’re not logged into Twitter.  This might also be why Google Reader still recognizes feeds when you enter user profile URLs in the “Add Subscription” box.  Firefox doesn’t recognize the feed when I’m logged in – it does when I’m not.  It does make you wonder how long the RSS feed will be in the unauthenticated version.

It’s hard to tell if this is intentional or not, but we do know Twitter wants to be a source for news.  Perhaps they think this is in their best interest – the harder they make it for you to read your news elsewhere, the more likely you are to come to to read your news from your friends.  One thing is for sure however – the new Twitter design is certainly less open than it was before.  Twitter, especially with the new design, is now a walled garden.

I’ve contacted Twitter about this and will update here with any response.

UPDATE: For some reason Twitter’s PR never responded.  However, even better, Isaac Hepworth, a developer from Twitter, responded on Buzz, inferring some of it was a mistake, while some of it was intentional to make things simpler:

“Hey Ade, thanks for the cc and sorry for the delay jumping in. I’ve been talking to people internally to work out what happened here so that I could untangle it properly.

Here’s the scoop: the RSS itself is still there (as Jesse’s roundabout method for finding it shows). Two things were removed in #NewTwitter:
1. The hyperlink to the RSS on the profile page; and
2. The link to the RSS in the profile page metadata (ie. the element in the ).

(2) was wholly accidental, and we’ll fix that. In the meantime, Jesse’s way of finding the RSS is as good as any, and you can still subscribe to user timelines in products like Google Reader by just adding a subscription to the profile URL, eg.

(1) on the other hand was deliberate, in line with the “keep Twitter simple” principle which we used to approach the product as a whole. Identifying RSS for a page and exposing it to users per their preferences is a job which most browsers now do well on their own based on s.

Hope that helps!”

Hosting a Virtual Gift Exchange with Albinophant

White Elephant Gift ExchangeAlmost everyone has participated in a “white elephant” gift exchange.  Some people call variations of it “Secret Santa”, or “Yankee Swap”, but the overall concept is the same.  Each person brings a gift, the gifts are placed in the middle or rotated in some fashion, and each person takes a turn picking the wrapped gift of their choice, not knowing what their gift could be.  However, in this era of virtuality where your close network of friends and family live all over the world, figuring out how to divy up the gifts or get everyone in one location for such an exchange can be difficult.  Perhaps your office all works from home, or you’re self employed.  A client of mine, Albinophant, has built the perfect application for the holidays which helps you create white elephant gift exchanges virtually via just your Facebook profile.

The premise behind Albinophant is simple.  All you need to do is create a party, invite your Facebook friends to attend the party, and schedule a date and time for the party to start.  Your friends and family will get a Facebook invite and when they accept the invite they’ll have the opportunity to RSVP for the event.  Once they RSVP they’ll be taken to a page of hundreds of gifts taken from, which they can select and purchase.  The host can specify a maximum price range, and only the gifts that fit within that price range will show up for that particular party.  This solves the problem of some people having that one really expensive gift that everyone wants.  After selecting their gift, the user selects a virtual gift wrapping for that gift (the gifts are real, but the gift wrapping is just for the game to disguise what the gift is), with which the gift will be identified during the game.


Then, the party starts.  When the time for the party starts, an e-mail gets sent to the first person who RSVP’d for the gift exchange.  They click on a link, select one of the gift-wrapped gifts from the list of items, then their item is revealed, and both they and the rest of the participants are able to see what they selected.  Once each person’s turn is over, the next person in line is sent an e-mail telling them it’s their turn, and they get to select a gift.

Here’s the catch though – the “Yankee Swap”, as Michael Scott from The Office puts it.  Each player, on their turn, can “steal” a gift from any other player that has already unwrapped their gift.  You can do so on each turn until all the gifts have been unwrapped.  So even though you may think you have the coolest and most geeky gift, that gift could very well be stolen by any one of the other participants.  This is part of the fun of the Albinophant Gift Exchange.

Once the party is over, everyone sees the gifts they’ve won.  A message is also posted to Facebook notifying their friends of the gift they won so they can show it off and talk about it with all their Facebook friends.  It’s a fun occasion for both that close circle invited to the party, as well as those that haven’t attended that can see what you won.  In addition to winning virtually though, if the Host has opted, each participant will then be mailed the gift they selected (which someone else purchased), in real life.  The party goes from virtual to real, and the relationships have just strengthened a bit more.

As you’re gearing up for the Holidays, consider giving Albinophant a try in to get in the spirit with your online friends.  Go in and set up a party to try it out – use the offer code “1234” when creating a party and all the gifts your participants select will be virtual and free (meaning they won’t be sent a real gift but you can still have the party).  Albinophant’s a fun app you can use throughout the entire year to build Holiday spirit regardless of boundary.

You can sign up to host your own party here:


Albinophant/PartyWeDo is a client of Stay N’ Alive Productions, LLC, my social technologies consulting company. If you are a blogger and you would like a free demo, or would like to host your own please let me know and I can arrange a tour for you and your friends/family.