We Are Opening the Social Graph
Your lists of friends and connections on the social websites that you use, sometimes called your social graph, belong to you. No one company should own who you know and how you know them. OpenID, which was born at Six Apart less than two years ago, was successful by embracing a similar philosophy: no one company should own everyone's online identity. An open social graph is just as important as an open identity.
- You should own your social graph
- Privacy must be done right by placing control in your hands
- It is good to be able to find out what is already public about you on the Internet
- Everyone has many social graphs, and they shouldn't always be connected
- Open technologies are the best way to solve these problems
- We're going to release code and demos soon
We believe in openness. We were early supporters of RSS and Atom for content syndication. We pioneered the use of the metaweblog and Atom publishing APIs. We developed the Open Media Profile for OpenSearch standard, which makes it easy for tools to both syndicate and consume custom search results. We helped create, and then quickly deployed, the rel="nofollow" microformat to help limit the impact of comment and blog spam. Most of our code is open source, and we've announced a GPL distribution of Movable Type that will be available later this year.
Two of our platforms -- Vox and LiveJournal -- are social blogging applications. In developing and running those products, we hear from our users and customers all the time about the challenges they have around discovering new social networks, registering as a user and identifying people they already know on these new services. We believe that the problems our users are facing are not unique, and that there is an opportunity to use open standards to simplify and streamline the user experience when joining a new service that has social features at its core. This isn't just about making our services better; it's about helping you manage your social network on all of the services you use.
We've been working on solving this problem, and instead of just talking about it, we want to show you what we've learned so far. The final screencast in this post shows an experimental tool we've created at Six Apart to visualize public online relationships.
Sign Up and Sign In with OpenID
Most services you visit require that you choose a username and password when creating an account. Beyond the security issues of using the same password everywhere you go, there are many services that only want to know that you're the same person who visited a week ago. Commenting on blogs is a great example of this; as a blogger I want to be able to build rapport with my commenters and reader community. On LiveJournal I can easily allow my friends who don't have LiveJournal accounts to view my protected content and comment on my entries by logging in with their OpenIDs.
OpenID makes it easy to sign up for a new service by removing the hurdle of creating a new username and password combination and entering your name, email address and other personally identifying information again and again. It is estimated that there are well over five thousand sites that support OpenID and close to 120 million OpenID-enabled URLs.
In this brief 40 second screencast, you can see how easy it is to sign up for BackPack and sign in to Dopplr using OpenID.
Invite Your Friends
Once you've signed up with a new service, one of the most important next steps is typically finding friends who are already there and inviting new friends to join.
Many services today, such as Facebook, allow you to log in and upload your contacts and friends from other services on the web. Facebook allows you to enter your email address and password from Hotmail, Gmail, AOL, and Yahoo! to extract all of the email addresses you've exchanged messages with. While you may not think of this as a security risk with services you trust such as Facebook, a few weeks ago it was shown that giving someone easy access to your email address books can have very unanticipated consequences.
Quechup.com launched a few weeks ago as a new social networking service. With little context for the new service, many people happily gave their Gmail username and password to check to see if their friends were already members. What many of those people did not realize is that Quechup could use that information to email invitations to join Quechup to everyone in their Gmail address book. Lots of unwanted email, and embarrassed apologies, followed.
Once you think about it, it's easy to see how an email address and password can be the key to compromising a lot of other personal data. With their shared login system, a Google Account allows access not just to Gmail but also to a PayPal-like Google Checkout account, managing your advertising via AdSense, and viewing traffic to any of the sites you're tracking via Google Analytics. If your Gmail username and password are given out to a rogue service, it might mean that your bank account is wiped, you've started displaying distasteful ads, and the confidential traffic statistics to your site are now fully public.
One of the realities of today's web is that with the proliferation of services, users often share usernames and passwords across accounts. This creates a potential risk: if you provide your Hotmail username and password to find friends in your address book, a rogue service could try to use that username / password combination to log into your broader MSN identity and harvest more personal information about you. OpenID can help solve this problem by reducing the number of passwords you have spread across the web, and potentially adding additional strength at your OpenID Provider such as the services offered by VeriSign, MyOpenID, and Vidoop.
While OpenID helps to solve these problems, the problem itself is larger than just reducing the number of accounts you manage online. Getting to the point of it being common practice for a service to request your email password to invite your friends really illustrates just how bad this problem has become.
Manage Your Network
We think that the best way for you to manage your network is to stop thinking about all of the little pieces and to start focusing on the big picture: you and the people who matter to you. We think relationships mean more than email addresses or which service you're signed on to at the moment. So we've created an experimental demo, based upon the open technologies OpenID, the microformats hCard and XFN, and FOAF, that allows you to see your entire network of relationships in one place - across services, across platforms, across the entire Web.
Interested? Let's see how it works.
Describe Your Relationships
While some services discreetly search social networking sites for profiles given an email address (and then republish that information), that isn't the only approach for discovering people around the web. "Blogrolls" have existed for many years and are a simple way to link to your friends. But you could also use a "blogroll" to link to other places you are on the web. Our own Mark Paschal has done this on his site, creating a list of links on his sidebar that point to his profiles elsewhere on the web. We're currently building a simple Movable Type plugin that will help you create and manage your own "elsewhere list." You can imagine this feature appearing on Vox, LiveJournal and TypePad as well.
These lists can use XFN (a simple HTML microformat) to make these public relationships machine-readable. Once they're machine-readable, web services can make it easier for users to discover friends in a transparent and decentralized manner.
This 40 second screencast shows just how easy it is to use XFN even if you know nothing more than basic HTML.
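An added example (not Six Apart's code or the tool shown in the screencasts): one way a service could read XFN links from an "elsewhere list" and treat a rel="me" claim as the same person only when the target page links back with rel="me", since an XFN link on its own is an unauthenticated claim. The page URLs and HTML are constructed samples, and the function names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin

# XFN 1.1 relationship values; "me" marks another profile of the same person.
XFN_VALUES = {
    "me", "contact", "acquaintance", "friend", "met", "co-worker", "colleague",
    "co-resident", "neighbor", "child", "parent", "sibling", "spouse", "kin",
    "muse", "crush", "date", "sweetheart",
}

class XFNParser(HTMLParser):
    """Collect {absolute_url: set_of_xfn_values} from <a rel="..."> links."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.links = {}

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        a = dict(attrs)
        rels = set((a.get("rel") or "").lower().split()) & XFN_VALUES
        if rels and a.get("href"):
            url = urljoin(self.base_url, a["href"])
            self.links.setdefault(url, set()).update(rels)

def xfn_links(base_url, html):
    parser = XFNParser(base_url)
    parser.feed(html)
    return parser.links

def consolidate(pages):
    """pages maps URL -> HTML. Split rel="me" claims into reciprocated
    (verified) and one-way (unverified) pairs of (source, target)."""
    graph = {url: xfn_links(url, html) for url, html in pages.items()}
    verified, unverified = set(), set()
    for src, links in graph.items():
        for dst, rels in links.items():
            if "me" not in rels:
                continue
            back = graph.get(dst, {}).get(src, set())
            (verified if "me" in back else unverified).add((src, dst))
    return verified, unverified

# Constructed sample pages (hypothetical URLs), not real profiles.
SAMPLE_PAGES = {
    "https://blog.example/": '<a rel="me" href="https://photos.example/alice">Photos</a>'
                             '<a rel="me" href="https://social.example/alice">Social</a>'
                             '<a rel="friend met" href="https://carol.example/">Carol</a>',
    "https://photos.example/alice": '<a rel="me" href="https://blog.example/">My blog</a>',
    "https://social.example/alice": '<a href="https://blog.example/">A blog I read</a>',
}

if __name__ == "__main__":
    verified, unverified = consolidate(SAMPLE_PAGES)
    print("verified:", sorted(verified))
    print("unverified:", sorted(unverified))
```

A one-way rel="me" link stays in the unverified set until the claimed profile links back, so a page cannot attach itself to someone else's profile just by asserting the relationship.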
Finding Your Friends
Sharing your numerous online profiles is great, but real value comes in finding your friends on all of your social networks. This is made possible through the combination of technologies like XFN and FOAF, which together can describe who you know and how you know them. TypePad, LiveJournal and Vox produce FOAF (and soon XFN) automatically, and Movable Type has always had this capability. But it's not just our products -- services like LinkedIn, hi5, Twitter, Yelp and Last.fm all support these technologies.
This minute long screencast shows an experimental tool we've created at Six Apart to visualize these online relationships.
Knowledge is Power (or, why openness helps you take control of your privacy)
At this point, some of you are asking "Why would I want anyone to know all of this about me? What about my privacy?" Those are the right questions to ask. But it's important to keep in mind that our demo shows only relationships that have been already explicitly linked through use of hCard, XFN and FOAF. These technologies don't follow you around on the Web, "invisibly" tracking your every move. This is not spyware. This is not data mining. The social graph of your relationships already exists - our demo simply lets you see it. Wouldn't you rather be able to see what already exists so that you can better manage those relationships?
We believe that some people will see this as a powerful tool to take control of their privacy and, while we can't predict what forms those controls may take, we think that making the social graph visible is a powerful and necessary first step to freeing people from managing their network of relationships one piece at a time. At Six Apart, we pride ourselves in providing you the best tools for sharing your lives with the people that matter to you, and privacy plays a big part in doing that. Vox and LiveJournal have content privacy at the heart of the service, and we are looking at how to provide you with easy-to-use tools for controlling the information you share about your identity, your life and your activities. We recognize and understand that as more interactions move online, not everyone wants every aspect of their life to be exposed to the world.
The Conversation Needs to be Opened
While this is academically interesting, we're working on making these technologies real in our products. We're exploring the many different ways we can integrate what we've demonstrated here into Movable Type, Vox, LiveJournal, and TypePad. For example, imagine using Movable Type to define your accounts elsewhere around the web, and then allowing your friends on those services to comment using OpenID and bypass your comment moderation queue. Or using Vox to easily republish the content you've created on Flickr, Twitter, and other such services and share it in one place with your neighborhood.
Finally, if you manage a social networking service, we strongly encourage you to embrace OpenID, hCard, XFN, FOAF and the other open standards around data portability. If you use social sites, we encourage you to think about what tools would be most beneficial to your online experience and to blog your thoughts with the tag or category "socialgraph". You'll also find us speaking at various upcoming events including the Web 2.0 Summit, Digital ID World, Web 2.0 Expo Berlin, and Graphing Social Patterns, and we'd love to continue this conversation in person. You can also follow these technologies on our product blogs for Vox, LiveJournal, TypePad, and Movable Type. No matter the venue or format, we're excited to move this conversation ahead and look forward to feedback and your thoughts.






24 Comments
you go, David! : - )
The last video is amazing. Waiting for your demo. Please release it asap.
Considering facebook and myspace, a lot of users are giving up their privacy all due to the fact that we want a particular service to be free. The question is at what point will someone say, I do not want facebook to sell my information. They are currently removing some of the options for facebook and allowing outside developers to provide the same service. Of course those developers do not go home empty handed. They get all your private info, which who knows what they do with. Is there such a thing as anonymity anymore??
Manual Trackback:
http://noserub.com/blog/archives/19-Six-Apart-follows-NoseRubs-approach.html
I still find the social graph a little scary. Who's exploiting it now?
Wonderful! I fully endorse this promising initiative. It's about time too. I've been wanting this for ages. Even started the Campfire™ experiment a couple of years ago, addressing the very same issue.
Please see AardRock Campfire for more.
good news, thanks! Do you believe de-cluttering our social graphs/IDs/attention profiles from the web will help or hinder the semantic web project? ie will websites want to keep people on sites longer and extract more than the necessary info from them (more code, more structures).
Also re: the portability. The Nielsen announcement about measurement in attention metrics rather than PPC. Portability means less time on sites filling out paperwork.
Found this from Brady's post over on Radar. Thanks so much for writing about this, and especially for pointing to XFN. I'm embarrassed to say this was the first I'd heard about it - but the good news is that SmugMug now supports XFN (and FOAF, for good measure). Thanks for opening my eyes!
Blogged and wow. Looks like the kid gloves are off. The message is clear "This will be a standard". So if you insist on having a walled garden and don't want to support this you will simply fade away. This is why sixapart is a great company, they insist on following and embracing the open philosophy.
Great post guys. We need to open up the concept of identity and relationships on the net. We're over here in cambridge, ma working on the same thing!
Excellent post. I have been following the portable social graph discussions on Google groups, and reading your shared links (thanks for sharing, btw!). It really does make so much more sense for individuals to hold their social contact set and for social media and network sites to subscribe to them rather than the other way around. Sort of rss for your social graph.
I liked this post because it introduced me to some concepts I wasn't aware of. But I must disagree with the way you use social privacy in a broad way. Maybe I am confused, but what privacy is that when people use standard info on public sites and therefore searchable and related?
Sounds interesting.
Dirk Olbertz: Nose rub looks great.
Hi Dave. Just published a first draft translation for any french readers. Really eager to test and make this social graph well known in category "cool stuff".
Of course, LiveJournal being open source and people creating patches to enhance LJ's OpenID support doesn't help if the patches are then ignored. (Yes, I wrote the patch).
Is there a good resource somewhere where I can get technical information on some of the new terms? XFN, FOAF and others?
So cool. I am so afraid that I might have some friends out there just trying to find me but looking in the wrong places.
Open standards are a good thing. One small request, though, seeing as you're speaking for 6A: the OpenID support in LiveJournal is clearly tacked on the side of the support for anonymous commenters (and Vox doesn't seem to support it at all, I notice, but I'm not so bothered about that, as I think feature-wise it's an inferior platform to LJ for serious discussions, despite how the two sites are marketed). It'd be nice to have the option to allow OpenID comments separately from totally anonymous ones, and to allow OpenID commenters to use HTML to create links (something which LJ's anti-spam measures for anonymous commenters currently prevent).
Firstly you need to put forth a coherent argument for OpenID. I do not have a problem with it but your post argues both sides of the same coin. It claims having one id+password (Google) for many services is a security risk, then argues that OpenID is good when it clearly provides one id+password to many sites. I mean it is very clear when you state "OpenID can help solve this problem by reducing the number of passwords you have spread across the web" that only means you now have one central password to crack.
But the real point of my comment was to raise questions about the notions first, see here:
http://www.connectioncommons.org/2007/09/28/social-graph/
The nodes in the graph need a unique id which is understood in a broader context than the site the graph is pulled from (at least to have meaning). XFN does not authenticate your claims of other IDs so seems a disaster on the scale proposed. Also what about communication clients, they all have social networks (buddylists)? My suggestion in the above link is to forget XFN etc. and instead build a public service based on email address!
Was just linked in here from a Reddit comment.
Regarding pealmasa's comment above: with OpenID authentication in place and friend relationships stated in a machine-readable way, you could actually build it into a piece of blog (or whatever) software to withhold content until the user has proved that they are the holder of an OpenID in the XFN list of friends. I discussed this idea here; it's a bit speculative, but I find the notion intriguing, and I'm excited that 6A is committed to actually implementing this stuff in their projects.
One side of me says as a business owner, knowing about a person's social graph is a goldmine, a marketer's wet dream.
As a victim of identity theft recently to the tune of $7500. The other side says, can't I just socialize with my friends in peace without the interference of commerce and a "middleware"? I personally have about 30 profiles on various sites on purpose to protect my identity, although which was clearly not enough.
Thanks for such good news! An open social graph is just as important as an open identity.
I agree, with Colin. We need to open up the concept of identity and relationships on the net.
Speaking from a user's perspective, I am all for having a single ID to access my favorite sites. As it is now, I use a free mail account not connected to anything else I do on the Web, just for that purpose, but it has none of the features you're describing.