open web Archives - Stay N Alive

Privacy is Not an On and Off Switch – "Do Not Track" is Not the Answer

privacy-9756530Victoria Salisbury wrote an excellent blog post today on “Who’s Creepier? Facebook or Google?“.  I’ve been intrigued by the hypocrisy over criticism of Facebook’s own very granular privacy controls when sites like Google, Foursquare, Gowalla, Twitter, and others have an all-or-nothing approach with some things (location and email in particular) that are even more private than anything Facebook is currently making available at the moment (if you want some good examples read Kim Cameron’s blog).  The fact is that Facebook, despite the amount of private data available, will always be my last resort as a hacker when I want to track data about an individual online due to the granular control of data available, and lack of default public data.  However, despite all this, even Facebook isn’t at the ideal place right now in terms of privacy. The fact is my private data is still enclosed on Facebook’s servers, and with that, there will always be some level of risk in storing that data, no matter where it is.  So what’s the solution?

Browsers such as Mozilla and Chrome are now beginning to implement “fixes” around this problem of tracking data about users across online services (note my article on how even Wall Street journal is tracking data about users), called “Do not track.”  The extension, or in some cases native browser functionality, seeks to give users the option of completely turning off the ability for sites to track a user around the web, removing any personalization of ads and in some cases the removal of ads completely from the browsing experience.  This experience is fine and dandy – it gives the user an option.  But as my friend Louis Gray puts it, “all it does is ensure off-target ads with a crappy experience.”  It is clear an on and off approach is the wrong approach, and I fear those behind these extensions and browser integrations are missing out on an important opportunity.

So where can we go from here if “Do Not Track” is not the answer?  The answer lies in the problem I stated above – the problem being that individual user information is being stored on 3rd party servers, without the control of users and assumed risk of relying on a 3rd party.  We saw this as Facebook made a temporary mistake earlier in 2010 when they launched Instant Personalization on 3rd party websites along with other 3rd party website features, but in doing so accidentally opened up a majority of their users private information with little notice to users (I did get an email warning of the change, however).  Facebook quickly fixed the privacy problem with even better privacy controls than before, but by that point the damage was done.  It was proof positive that there is huge risk in storing private information on 3rd party websites.  The advice I give to customers and users and news organizations in interviews I give is, “if you’re not okay sharing it with the world, don’t share it at all, regardless of privacy controls.”  It’s an on or off solution at the moment, and I’m afraid there are no better choices.

There is a solution though.  Chrome, and Firefox, and IE, and every browser out there should be working towards this solution.  We need to take the granular controls that sites like Facebook provide, and put them in the browser.

Awhile back I spoke of a vision of mine I call “the Internet with no login button.”  The idea being that using open technologies (we already have Information Cards, for instance), the more private information about users can be stored in the browser, reducing the risk of that information being shared by accident with 3rd party websites.  Rather than something like Facebook Connect (or Graph API), for instance, a browser-driven version of OpenID would control the user authentication process, identify the user with a trusted provider (Facebook, Google, Religious institutions, Government institutions, you choose), and then be able to retrieve private information about individuals directly from the browser itself.

The fact is I already use tools to do some of this.  1Password, for instance, allows me to keep a highly encrypted store of my passwords, credit card, and other data on my hard drive and provide that data, as I choose, to the websites I visit.  A browser-native experience like this would make this process automatic.  I would specify which sites I give permission to have my data – name, address, phone number, email, location data, etc. – and I would also be able to choose what users have access to that data.  I could then choose to store my more public data on services such as Facebook and elsewhere, with the same option to still store it on my own hard drive if I choose.  With such a fine-tuned integration my more private information is completely in my own control.  My browser controls access to the data, not any 3rd party website or developer.

At the same time keys could be given to 3rd party websites to store my data on their servers.  In order to render that data, they need my computer’s permission to render the data.  The solution is not quite evident yet, but some how a trusted, separate service should be able to provide the permissions to render that data, and when that permission is revoked, all data, across all 3rd party websites, becomes disabled.  Or maybe just a few sites become disabled.  The goal being control is completely handled by the user, and no one else.  Maybe sites get disabled by my browser sending a “push” to the sites, forcing their data of mine to delete completely off their servers (or render useless).

Chrome and Mozilla have a huge opportunity here, and it’s not to provide an on or off switch for privacy.  I should be able to decide what information I want to be able to provide to ads displayed to me, and that data shouldn’t come from Facebook, Twitter, or Google.  My browser should be controlling that access and no one else.  Privacy belongs on the client.

I’m afraid “Do Not Track”, in the browser or by government, is no the answer.  There are better, much more granular solutions that browsers could be implementing.  It is time we spend our focus on a dimmer, not an on-and-off switch, for the open, world wide web.  I really hope we see this soon.

The Next "Facebook Platform" for the Modern Web, and Why Twitter’s Running the Wrong Way

I’ve talked previously about “the web with no login button”, a vision of the Building Block Web that follows the user where they go, knowing who they are and adapting as they move.  With the advent of mobile, entire operating systems running on the browser, cloud-based personal information stores and APIs such as Kynetx to manage both user and application data for the user, we are so close to being where we want to be!  There’s one hurdle we have to jump before we get there though, and I’m concerned Twitter just ran the wrong direction with their new UI.  The hurdle we’ve got to get around is that of allowing a user’s social connections to also follow them wherever they go, uninhibited by any single corporation.  Not a single big player seems willing to take this step yet, but when it happens, I guarantee you’ll see a revolution at the scale of when Facebook Platform launched in 2007.  The first person to do it gets the opportunity to lead the pack, and hundreds of millions will follow.

I mentioned earlier on Twitter that something about Twitter’s new UI (which I’ve actually only seen screenshots and demos of since I’m not on their Press list) really bugged me but I couldn’t put my finger on it.  Perhaps it was hearing Ev emphasize “yet” when talking about CoTweet-like functionality. Perhaps it was hearing Jason Goldman talk about improving their “following” interface to something that I think could potentially threaten some of what I’m doing with my business.  Perhaps it’s the feature they just asked me to kill on SocialToo that I haven’t announced yet.  Perhaps it’s their lack of a solid roadmap like Facebook has to warn developers of what’s ahead and who will be replaced next.  As a developer, every step like this Twitter makes is certainly a threat to my business model and anyone else like me.  It’s definitely a token to their closed nature.  However I think it’s much bigger than that.

I think Alex Payne, of whom I just became a big fan after his recent post on his perceptions of the new UI (a must read), said it perfectly, “all communications media will inevitably be decentralized, and that all businesses who build walled gardens will eventually see them torn down.”  Now, I don’t think all walled gardens will die – Ev William’s own original startup, Blogger.com, remained closed in a time where sites like LiveJournal and WordPress were going completely open source and it was still bought by Google.  In those days, going open source and giving people the opportunity to own their own data stored on each blog was the equivalent of federating social connections would be today – instead of owning content people would now have the opportunity to own their own relationships and port those from site to site if they choose, or host the relationships themselves if they also choose (I’m kind of doing that at http://community.staynalive.com/jesse).  Blogger obviously survived and is now one of the largest blogging platforms on the planet.

Twitter’s new UI, while I’m sure it will increase page views for them and bring them lots of money, is too late for Twitter to do any sort of innovation in this space.  Facebook already did this, and they were called a “walled garden” as a result and are now trying to break out of this reputation as users were getting ready to revolt.  Maybe that’s what Twitter wants, and I’m sure it will make them a lot of money.  They may even gain a large segment of the masses.  Businesses will still flock and so will the money.  I’ve mentioned Twitter’s need to own the UI before, but I argue it’s now too late to be focusing on that.

Twitter could however, have an opportunity to create a new wild west – a new playing field if they choose, a new canvas.  If they do so they need to focus not on the UI, but on the platform and decentralizing it significantly.  Then new opportunities arise such as payments, new service models, search, ad platforms and more that can still make them profitable.  The difference is they’re now spanning the entire web instead of their own walled garden.

I think Facebook started to make moves in this direction as they released Facebook Connect last year, and then Graph API this year along with no restrictions, redacted term limits on storage, and a push further and further away from building on their own UI.  They introduced a new protocol in fact that enables websites to be indexed more properly and enables those websites to more easily bring Facebook connections into the experience.  Facebook is moving from the walled garden approach out into the open web.  Twitter, it seems, is moving in the complete opposite direction, which seems perplexing.

Even Facebook hasn’t hit the nail on the head yet – maybe they’ll make the first move at the next F8 conference.  The next revolution of the web will be when one of these players that currently owns your Social Graph completely federates, creates a standard for others to follow, and then other companies are forced to follow as a result, forcing all the others to rush to find what they’re good at which wasn’t owning your data or social connections.  Then at that point you will truly be allowed to bring your social connections with you wherever you go, allowing for a web with not only no login button, but one where your family and friends follow with you along the way.  That’s a really powerful concept!

Kevin Marks (who led the OpenSocial platform at Google) mentioned the irony in a tweet earlier today of installing the open source social network Diaspora as we were discussing Twitter’s very centralized real time streaming API and federated environments.  I think that Kevin may be part of the revolution and we just don’t know it yet.  If none of these players make a move, it will be the next open source project like WordPress, or LiveJournal did in the early 00’s that will emerge from the dust, gain traction, and the landscape will naturally adapt.  It has to happen – it’s going to happen, and the first big player to do it will lead the way. I’m excited to find out who makes that move and I’m already thinking of ways I can jump on that bandwagon as a developer.

Picture courtesy http://www.thesun.co.uk/sol/homepage/news/article571291.ece

Pornography and Choice – The Dilemma Over the Future of Open

I’ve been following the Ryan Tate late-night rant (language) over Steve Jobs’ desire for a world “free from porn” and his objections therein (while still not completely sure the purpose for his rant).  While pornography was only one of the things Jobs highlighted, Tate, who has no children of his own, seemed to focus on it, considering a world “free from porn” an infringement on his own privacies.  I’d like to take a different angle and share my own views, as a parent of 4 children, and how I really feel the web as we know it infringes my own freedom as a parent.  It also infringes on my children’s own freedom, in the the native choices technology-wise that I have access to in order to protect my children and my family from pornography.  That’s right, I said it (well, I’ve said it before) – the web, while open, is not entirely free.  Let me explain.

Let me start with the point that, while outside this blog I may have my own opinions and beliefs, I am not saying in any way or form whether porn is “evil”, or “not evil”, or whether it is “good”, or “bad” for society.  That is not the purpose of this article, and I’ll leave that for you to decide.  One thing I think we can all agree on however is that, for good or for bad, pornography affects us all, and, as an individual, or father of 4 children, I don’t have much choice in the matter.  Let’s face it – whether I want it or not, my children are going to see porn, probably many, many times in their life, perhaps way before they are old enough to even know what it is.  As a parent, at least the way the open web works, at a native level I don’t have any choice in that matter.  Is that freedom?

Right now we live on a very open web.  It’s a vast web, linked together from website to website, which enables sites like Google and MSN and others to index that content and provide answers to many questions.  We have a whole lot more knowledge because of that.  At the same time it’s a very wild west atmosphere – the very “Net Neutrality” we are all fighting for is keeping any sort of control that parents and families so desperately want for their children from accidentally stumbling on things they don’t want to see.  This is probably why much more closed environments like Facebook are thriving – we’re being given some level of control, as parents and individuals, over this very open atmosphere.  We need an open way to fix this problem.  Or maybe closed is the only solution…

Let me share an example:  My daughter, who is 9 (not even starting puberty yet), told us the story of her friends at school talking about various sexual topics.  She told us about one friend, a boy, who wanted to know what sex was, so he Googled “sex” on the internet, something he knew how to do from school when he had a question about how something works or what something was.  Needless to say, as parents, at age 9, we were fortunate enough to have our daughter ask about this before Googling herself, but we were now forced to give “the talk” to a 9 year old.  I can only imagine that boy’s parents – I hope he talked with them about what he found.

As a father of 4, I’m scared to death what my kids are going to have to go through.  I certainly don’t want to shelter them from the world, but at the same time I want to be the one introducing them to the world, not the world getting to them first.  We need innovation in this area.  I’m worried it’s an area that gets little attention because the innovators in this space either aren’t parents themselves, or have no objections to their children seeing it.  The thing is, this isn’t a “good” vs. “bad” battle.  This is a battle about true “freedom”.  This isn’t about anyone telling you that you can’t watch porn.  This is about those on the web that don’t want to watch it or come across it being able to avoid it entirely, as a native component of the web.

Right now all the solutions out there are hacks.  Solutions like (my favorite – I’ll be doing a review soon) Net Nanny, Norton Internet Security, and others are great at helping parents to monitor what their kids are doing and even protecting them from things their parents don’t want them to see, but in reality they’re just solving a problem the web should have solved in the first place.  Pornography, sexual content, violence, or anything else we, as parents and individuals want a handle over should be elements that are handled at the core of the web.  The web needs elements to identify this type of content, and ways to punish those that don’t identify their content, taking away the overall freedom that is inherent to the web.  The web should be about choice.  It’s not at the moment.

At the same time, operating systems, like Windows, OS X, the iPad, Android, and the iPhone, all need to have layers built in that give parents and individuals more control over the content they want to see.  I should note that Facebook, at the moment, has no way for me as a parent to monitor what my child is doing on the site – I can’t let my kids on it until I have that control.  Don’t even get me started about Google Chat.

I’m not quite sure what the solution is, but we need innovation in this area.  Perhaps XRD or the new JRD and identifiers for content are the solution.  Maybe Google and Microsoft and others that index this content could reward sites with higher search rankings that properly identify their data.  Maybe a “.xxx” TLD is the solution.  At the same time we have to take into account chat, and how people interact online.  Maybe verified identity is the solution in this area.  On the open web we can’t give up on this effort though, or the more closed solutions, like Jobs inferred with the iPad, are going to win, and rightfully so.

Steve Jobs is right, whether Ryan Tate likes it or not – as a parent I am not free on the web right now.  The only freedom I have is to just turn off the computer, keep my kids from learning technology at a young age, and hope they don’t see it at school, or at a friends’ house, or the elsewhere (which they will).  Freedom is about choice – we should all have the choice in this matter, and that choice just doesn’t exist on the web at the moment.  I hope the Open Web can fix these problems before Apple, or Microsoft, or Facebook do it in a closed environment.  Either way, I welcome the extra freedom I will get from it.

From one parent to another:  Thank you Steve, for trying to make my life as a parent a little more “free”.

The Web is No Longer Open

“So it can benefit everyone.”

That’s what a Google employee said today as he tried to explain Google’s recent push to have websites use the ‘rel=”me”‘ meta HTML tags to identify pages a user owns on the web.  It’s not a bad strategy – index the entire web, know every single website out there, and when they change, and now the web is your network.  The thing is, since the “open” web hasn’t had a natural way of identifying websites owned by users, Google, the current controller of this network, needed a way to do it.  Why not make people identify their websites to Google’s SocialGraph network, and call it “open” so it benefits everyone?  I’m sorry, but the “open” web that we all grew up in is dead now that 2 or 3 entities have indexed it all.  This is now their network.

Let’s contrast that to Facebook, the “Walled Garden”, criticized for being closed due to tight privacy controls and not willing to open up to the outside web.  Of course, all that is a myth – Facebook too has provided ways for website owners to identify themselves to Facebook on the “open” web, making Facebook itself the controller of that social graph data, thereby giving Facebook a new role in who “owns” the “open” web.  Facebook has even made known in its developer roadmap its intention to build an “OpenGraph API”, making every website owner’s site a Facebook Fan Page in the Facebook network.  Don’t kid yourself that Facebook wants a role in this as well.  They’re a major threat to Google, too because of this.

Then there’s Twitter, just starting to realize how to play in this game, now starting to collect user data for search in their own network.  Don’t count them out just yet, as they too will soon be trying to find ways to get you to identify your website on their network.

So we’ll soon have 3 ways of identifying our websites on the “open” web.  I can identify my site through Facebook, as you see by the Facebook Connect login buttons scattered around.  I can identify myself in the Google SocialGraph APIs, which, if you view the source of this site you’ll see a ‘rel=”me”‘ meta tag identifying my site so Google can search it.  Who knows what Twitter will provide to bring my site into its network.  Each network is providing its easiest ways of identifying your site within their own Social Graph, and calling it “open” so other developers can bring their stuff into their networks easily, without rewriting code.

I think it’s time we stop tricking ourselves into thinking the web is open at all.  Google is in control of the web – they have it all indexed.  Now that we are seeing that he who owns the Social Graph has a new way of controlling and indexing the web, which we are seeing by Facebook’s massive growth (400+ million users!), I think Google feels threatened.  They’ll play every “open” term in the book to gain that control back.  Of course the new meta tags are beneficial – is it really beneficial to “everybody” though?  I argue the one entity it benefits most is Google.  Yeah, it benefits developers if we can get everyone to agree on what “open” is, but that will never happen.  I think it’s time we accept that now that the web is controlled and indexed by only a few large corporations, it is far from “open”.  “Open” is nothing more than a marketing term, and I think we can thank Google for that.  No, that’s not a bad thing – it’s just reality.

Do these technologies really “benefit everyone” when no other search startup has a remote chance of competing with owning the “open web” network?

Further note:

How do we solve this?  I truly believe the only solution to giving the user control of the web again is via client-side, truly user-controlled technologies like what Kynetx offers.  Action Cards, Information Cards, Selectors, and browser-side technologies that bring context back in the user’s hands are the only way we’re going to make the web “open” again.  The future will be the battle for the client – I hope the user wins that battle.

Image courtesy Leo Reynolds

UPDATE: DeWitt Clinton of Google, who wrote the quote above this post is in response to, issued his own response here.  The comments there are interesting, albeit a lot of current and former Google employees trying to defend their case.  I still hold that no matter what Google does now, due to the size of their index, any promotion of the “open web” is still to their benefit.  I don’t think Google should be denying that.

UPDATE 2: My response to DeWitt’s response is here – why didn’t Google just clone Facebook’s APIs if their intention was to benefit the developer and end-user?

A Christmas Story: OpenID, OAuth, My Home, and Your Privacy

905450_merry_christmasHere it is, Christmas Eve, almost time to celebrate Christmas in all the traditions it brings in our household.  We usually go visit my wife’s family, and then follow it up with telling the Christmas story out of the Bible and then we sing Christmas songs and each of us opens one present from another sibling or family member.  In our household, Christmas is all about spending time with family.  It’s all about home.  It’s all about spending personal time with those you’re closest with and maintaining the traditions you hold private and dear.

Thinking about home and family and Christmas, I realized today there’s a disconnect on the open web right now.  The privacy I mention is available in forms on the web such as Facebook, Gmail (to an extent), and in various forms amongst other web services throughout the web.  However when it comes to real life, there is a missing link when it comes to maintaining the privacy of where you are physically, and sharing that on the web so only your close friends and family know where that exact location is.

For instance, let’s say I want to have a Christmas party for just my immediate family, and maybe some close friends that I know follow me on Twitter or Facebook.  Right now the only way to do that is to either e-mail them each individually and reveal my exact location to each one, or blast it out publicly, potentially compromising the intimate experience we were trying to create.  At the same time I would be putting my family at risk by allowing unknown people to know where they are.

Another example is mail.  Let’s say this Christmas I want to arrange an easier way for my friends to send me gifts.  I publish some of the things I want for Christmas (I’m of course not that greedy to actually do that), and then I need a way to have you send me those gifts.  Or let’s take a more humble approach – perhaps I want to arrange sending money to a friend in need.  Or let’s say it’s my wedding and I want all my friends to know where they can send wedding gifts.  Right now there is absolutely no way you can blast that out publicly without compromising your physical location in some way.

Paul Carr of TechCrunch wrote about this exact issue several weeks ago.  He cited examples of people coming to his apartment for parties or get-togethers (on Halloween in this instance), and all checking in on FourSquare.  Immediately the exact coordinates of Paul could be made available to the world, all without Paul’s permission.  This is dangerous, especially to a writer of a publication whose employees and writers have been known to get constant threats and even death threats on a regular basis!  There has to be a solution.  Let’s move on to a few technologies I think could solve this.

DNS – the Router for the Web

DNS is the technology that pretty much powers the web from you, the user’s perspective.  I mentioned earlier that we are about to see a “war” at the same level as the browser wars of the late 90s and early 2000’s where companies like Google and Microsoft and others are all going to be fighting for a piece of the DNS pie.  Here’s how DNS works: with DNS, you type in a domain name, and that domain name gets translated through a sequence of various “name servers” throughout the web that eventually tell your browser the IP, or location of that content on the web.  Once your browser knows the location, it knows where to retrieve the content it needs to render to you.

The advantage of DNS to you as a user is that you do not need to know where each server is located.  You simply have to know an easy-to-remember name that the web “just knows” how to translate into an actual location (or IP).  You type in staynalive.com and it just knows how to find the servers that are producing the page you are reading this on.  In fact, many domains actually map to multiple locations, so having a single name to remember is advantageous, and provides a routing layer that can easily be changed.  I actually do this with my e-mail address.  jesse@staynalive.com points right now to my Gmail account.  Because I own the domain, staynalive.com, I can easily point that to just about any e-mail provider I like, and I completely control where my mail gets routed.  You the user only have to know the e-mail address though – it doesn’t matter where it ends up.  The web takes care of that based on how I set it to work.

There’s one problem with DNS though – it’s too anonymous.  Right now it’s all or nothing.  If you put something on the web, anyone can find out your location on the web, and in return, anyone can gain access to your content.  At the same time, there’s no way with DNS alone to identify actual people.  Your website just maps to a location, and anyone can see that location without any other measures in place.  Right now if you want to prevent a certain user from accessing your site, you’re stuck guessing just their IP, which they can technically change if they like.  It’s not a real person visiting your site – it’s just an IP – it’s just a location mapping back to your site.

Solving the Identity Problem Through OpenID

To solve the anonymity problem there had to be another layer added.  A protocol called OpenID was invented, which you, the website owner, could “identify” your website with a specific identity provider using just your DNS identifier (or Domain).  With your website linked to an identity provider, you can now use that specific domain (which remember, maps to a location or IP), to actually identify you as a real person.  By simply typing in your domain on participating OpenID-supported websites, they can automatically verify with your identity provider that it is in fact you logging in as the owner of that website.  Now, every website can also be associated with an actual individual, perhaps even more than a location.  Now you know with close certainty that the content my location is producing is actually coming from me.

There’s still a problem with this though.  You can know the content is coming from me.  However, there’s no way for me to control who’s seeing my content.  Sure, with OpenID I could in theory identify each and every person that visits my website as an actual person (assuming I provide the means to do so), but how do I filter that traffic so only those I want seeing my content are seeing it?

This goes back to the exact same problem I was mentioning with real-life locations – privacy.

The Future of the Open Web is Open Privacy Standards

The web still needs better ways to protect user privacy in an open, standardized way.  Facebook has built this into their API but they haven’t standardized it so others can integrate it into the traditional web experience.  You have to be a Facebook user to get full privacy from Facebook.

Currently there are several open standards in the works that are trying to attack this head on.  One of OAuth’s successors, WRAP, which Facebook is very involved in at the moment, strives to do this.  It is also in the vision for OAuth 2.0 (if I understand correctly), another successor to OAuth.  The success of the future Open Web, ironically, lies in privacy.  It lies in customized roles and authorization.  Ironically we’re going right back to the same problems Novell was trying to solve with the Enterprise market back in the 90s, but this time on a much larger, global scale.

Ubiquity

Now, I’d like to take a step back to my little Christmas story, and where especially around the Holiday season, I’d like to maintain a little privacy.  It’s time we stop thinking about just the web itself, and now start looking towards the future where the web, and our real lives are all going to be meshed into one.  Privacy is critical in this not-so-distant future of a world.

For the Open Web to succeed, it needs to be ubiquitous.  It needs to stretch far beyond just the browser and into our every day real lives.  When I was visiting the Kynetx offices last week Craig Burton shared a vision he has, where he sees people being able to go from room-to-room in a house, and having each room identify who the individual is.  Once identified the room can provide a contextual experience in the room itself for that user (adjust the lights, turn on the favorite TV channel, adjust the chair comfort, etc., etc.).  This is another reason I like what the Kynetx team is working on – open technologies must stretch far beyond just the browser!  You will see this in the next 5 years or less, by the way.

My hope is that we can keep in mind privacy, in not just a browser context, but real-life context as the Open Web is growing and being discussed and architected.  I want to be able to give the Post Office my OpenID on an envelope and have them immediately be able to verify my identity and know where to route my mail.  I want to be able to, on a whim, change where that mail is routed without changing the OpenID I give the Post Office.  I want to give certain close friends and family permissions (which I could revoke at any time) to look up my physical location, based on my OpenID if I choose.  I want to only provide my OpenID to apps like FourSquare and have them also respect that OpenID and not reveal my physical location to people I choose not to share it with.  OpenID and at the forefront, DNS, should be the routers, and at the same time, protectors of our physical locations and our real-life experiences.

This Christmas I want a web that thinks beyond its borders. I want a ubiquitous web that travels with me and gives me full power, not just on the web, but in my real life regarding the context I choose to receive.  I want the limits of DNS to go far beyond IP and into the walls of my own home.  Most of all I want all this to happen with open standards.  I want a web that protects my family.

My hope this Christmas is that you can be inspired.  May you spend a little more time thinking about how you can contribute to this effort.  How can you understand these technologies a little more?  How can you sacrifice a little to make the world a little more open?

May you all have a Merry Christmas and Happy Holiday Season.  Hopefully in 5 years I’ll be able to even tell you where I’ll be and where you can spend it with me and not worry about it getting in the hands of the wrong people..  Even in an Open Web, it’s all about Location, Location, Location!

The Open Web – Is it Really What We Think it is?

OneWebDayYesterday was OneWebDay, a day to celebrate the open web and bring more awareness to technologies. I just wrote about one thing Google is doing to make the web more open, something I strongly support.  I want to touch on something Facebook is doing which I don’t think is being fully appreciated.  And it’s not what you think it is.  First, I want you to watch this video – it’s Mark Zuckerberg’s keynote from Facebook’s F8 conference for developers last year.  Don’t read on until you see it or you may not understand what I’m trying to get at here.

In the video, Mark Zuckerberg states that Facebook’s mission is in “giving people the power to share in order to make the world more open and connected place.”   I want you to give that some thought. We’ve always talked about the open web being the opening up of content so everyone has access to it.  That’s the essence of the web. It has no borders or boundaries, and has no controls over it.  That is how it was built and how it should be.  The web is about linking documents to each other, and indexing those documents so they are easily accessible and retrievable by those that want to find it.  The traditional open web is about the power to receive.

Enter the social web.  Now we have all these social networks – Facebook, MySpace, Twitter, Orkut, Hi5, LinkedIn, and many others all striving to redefine the web, each in their own way.  In the end each of these networks is giving a layer to the web which connects people instead of documents and in the end brings people together.  At the same time we’re indexing people, and from those people comes relevancy and documents which others can share with one-another.  Many argue that this method of indexing is even more accurate, because it is spread from person-to-person, and it’s real-time.

There’s one problem with the social web in terms of openness.  People don’t want their lives exposed.  They just want the documents they prefer to share with the world exposed.  In the end, because we’re dealing with people, there still needs to be some bounds of privacy, yet people should still have the control to make what they want open, open. Without these controls, there is no freedom, as people are required to completely expose their lives to reveal even a bit of content with the rest of the world.

This is why I think on the Social Web, “Open” is defined much differently.  I think Facebook sees this. In a social environment, the role of technology should be in making relationships more open, making the ability to share more open, not necessarily the documents people are sharing themselves. In a Social Web “Open” is about how “Open” you are to enabling your users to make the decision whether they want to make their documents public or not, and fully enabling them to do so if they want to.  The thing is, a Social ecosystem is not “Open” if it doesn’t give users the freedom to keep those documents private if they want to as well.

Facebook takes this new layer of “Open” to another level though. As of last year they have been branching out of their walls, enabling other websites to take these tools, giving each website the control to extend this level of control to their own users.  Now websites can take the existing social graphs of users and enable those users to automatically share what they want with their friends, respecting the privacy controls of those friends.  I should note that Google Friend Connect is doing similar things in that realm (albeit with less privacy controls, IMO making it a less “open” or “free” ecosystem to allow users full control of that data).

I think what we may be defining as a “Walled Garden” or “closed ecosystem” may indeed be the actual definition of “Open” on the social web.  Remember, it’s about opening up the control of the user to share all, some, or none of the content they want to share.  The more “Open” a system is to doing this, the more open users are to share data, the more open it is to having their friends see that data, and the more open it is to allowing others search for that data, while at the same time being open to letting the users that want to control that data keep it under closed wall.  The web has lacked this ability until recently.  In a true “Open” Social Ecosystem, if data is not available via search and other means, it is the fault of the users, not the network itself.  Data that is available to the web is the responsibility of the users, not the responsibility of the network itself. I think Facebook is the closest to this definition of “Open” out there right now.  I think that’s why they have over 300 million users and are still growing.

On the Social Web, “Open” is about the power to give.

<img class="aligncenter size-full wp-image-2489" title="I <3 the web." src="http://staynalive.local/files/2009/09/3929246011_9776c72b28_o.png" alt="I

You Don’t Own Your Data on Social Networks

Open - Please Close the Door

I get asked often by clients, reporters and media folk and others about Facebook’s recent Terms of Service updates, essentially saying they own their users data and have a right to do as they wish with their data. They’ve turned around on that and will be releasing newly revised Terms soon, but at least they’re being honest about it. The thing is, any service on the internet you belong to, which includes Facebook, Twitter, FriendFeed, even Gmail, and more, owns your data. It’s their right to change their Terms for their users any time they want, and the only choice you’ll have at that point is to leave the service, or continue on, recognizing what you already knew – that what you’ve stored on their service is theirs to own forever. I think people have come to accept that – they just get all up in arms when it’s thrown in their face.

The thing is, as a brand, you can’t afford for this to happen. Owning, and losing rights to your data can make or break your business. People take risks to be able to take shortcuts and survive by joining such services, and frankly, it’s important to still have a presence on these services because people are talking about your brand and you could be missing out on that conversation. But can you really trust your content on such services? What if Twitter, or Google, or FriendFeed were to pull a Facebook and with the drop of a hat own all your previous data. They are within right to do so – you gave them that right when you signed up for their service.

The Social Web Needs More Open Protocols

We were discussing on FriendFeed today how the new FriendFeed beta, with its real-time nature, is a lot like IRC, and enables people to chat, in a completely new way, in real time. The thing is, it’s not at all like IRC. IRC is an open protocol. It’s software businesses can own, modify, and change to their hearts content. They can wrap their brand around it. With IRC a business has the ability to own the community that subsides within the environment they set up, on their own servers.

Not FriendFeed, or even Twitter enable this capability, which is why if they don’t adapt in the future things will change. Facebook is attempting to address this with their Connect product, and that’s a step in the right direction. Facebook also provides quite a bit of their underlying developer platform code, as open source, freely and openly to the community, also a step in the right direction, but they can always do more.

Keep in mind that this is all about owning your own community. Can Guy Kawasaki set his own rules about what is, and isn’t spammy? Can Leo Laporte provide a Geek-friendly environment for his TWIT Army? Can ESPN provide a sports-enthusiast friendly environment for Football fans, and properly advertise and provide things, in their own way, that those fans would appreciate? You can’t do this on any of the networks right now (with the exception of Facebook Connect).

Laconi.ca is headed in the right direction on this. As is Automattic, and SixApart. They all have their own major services, but all of their services enable you to focus on owning your own community. And even if you don’t have enough control, they provide you the source code to give you the control you need, should you need it. This is the future!

Why does this matter to the end-user?

You may think, well, I’m not a business. I’m just a casual user so this doesn’t matter to me. I’m willing to bet if you’re an Athletics fan, or a Boston Red Sox fan, or a 49ers fan, or a Mom, or even a Dad, that you put much more interest in those things than you do the brand name Twitter or FriendFeed or Facebook. Those things are your real life! Now imagine if those brands started to give you a way you could communicate with like-minded individuals, and what if different brands could talk with each other? This is one reason Facebook is going to succeed, and one reason Laconi.ca is going to succeed, because I can chat in the environment I want, and my friends all still get to hear me! As an end user, and especially a brand targeting that end user, that’s powerful!

This is why TodaysMama Connect is seeing great participation in their new Connect community for Moms. Now, with their service, Moms can connect with each other without having to sift through the massive data mine of Twitter. At the same time, TodaysMama gets to own and control the community in a way that works well for Moms and is inviting for them, while maintaining their brand image. You see the same with Leo Laporte’s TWIT army, and I’m already talking to several other major brands that are considering the same.

How do you control your data?

Will the future be full of everyone creating their own communities of “followers”, competing for who visits their site and embraces the community? It’s possible, but that’s far down the road. We need more open standards. The Twitters, the FriendFeeds, and the Facebooks all need to be providing and leading these open standards and serving instead of being data hoards, becoming network Connectors, providing ways to connect multiple smaller networks with each other. They need to be the directories and the places where people can go to find each community. They need to be the search, and the stream of the “brand-owned” data, and providing as many ways as possible for those brands to completely own and customize the experience for their own communities. Their role is the glue of the Open Web.

Let’s truly make these services the IRC of the Social Web. Thank you, Laconi.ca and Automattic, and SixApart for leading the way.

Photo Courtesy Eric Kilby