Six Apart Blog

Six Apart News & Events

Looking Through the Hype of Scoble and Plaxo’s Facebook Conundrum

We've said it before, and we'll say it again: You should be able to control your data. And your data isn't just the words you write, or the photos you take, but the relationships and connections you make online.

There's been a debate over these ideas for years now, and the new year has been greeted by a variation on the conversation about data privacy and ownership. This time, it's been prompted by well-known blogger Robert Scoble's Facebook account being shut down, at least temporarily, due to his use of an application designed to connect his Facebook friends with his address book by programmatically extracting his personal relationship information from Facebook. The application is a still-in-development feature from the folks at Plaxo, who have been working a great deal on open data portability through their efforts around the Plaxo Pulse service. In the course of extracting this information, Plaxo's development version of their script caused an unusually high amount of activity on Scoble's account, and may have violated Facebook's terms of service about using automated scripts to retrieve data from the service.

With the basic facts out of the way, a few important points are worth highlighting:

  • The issue here isn't about Facebook or Plaxo -- we've talked to lots of people at both companies over the years, and they generally want to do the right thing, if possible. The issue is how we make it possible for all of us to control our own data while maintaining privacy.
  • There is often a tension between best practices around privacy/security and the ability to make data portable, even one's own data.
  • Most average people don't (yet) know that they even want to have data portability -- though they are taking advantage of portability daily when they find their friends by importing their address book.
  • It is hard to focus on issues like usability and user experience when everyone is still figuring out ways to make data portable.
  • The privacy issues surrounding your friends’ data still aren't clear. Even if you can manually write down their email address, does that give you the right to programmatically export it into another service?

From those points, you can figure out some really specific examples of why things are so broken right now. For example, Facebook is screwed either way -- if they keep their current policy of prohibiting third-party scripts from bulk-extracting this kind of data, they'll get beaten up for being too closed and proprietary. But if they allow these types of scripts, they are just as likely to get beaten up on privacy grounds, for permitting or encouraging you to enter your login and password information on third-party sites. Either way, it's an ugly headline, and neither scenario serves users well.

Plaxo's in a bind, too -- this is a great feature, since it makes their Pulse service more valuable and makes their users happy. But having to hang on to a bunch of people's Facebook passwords is a liability, and means having the burden of a big responsibility that just sucks time away from interesting things like adding new features. And Plaxo's feature relies on scraping data, which isn't just against the Facebook terms of service, but is the Wrong Way of doing the Right Thing.

But just like OpenSocial isn't about Google or Facebook, the debate over personal relationship data isn't about Facebook or Plaxo, it's about giving you more control over your information.

First-Hand Experience

We've been through this a bit ourselves and put a lot of thought into it. For example, on Vox, we recently added the ability to invite or search for your friends using your email address book. Lots of other services do this, and we could have only done what everybody did and said "throw your Hotmail or Gmail password in here and we'll do the rest"; and that option is there. But, for example, your Google account, which connects to your Gmail address book, can also be connected to your bank account through Google Checkout, or even your social security number through an AdSense account. So, that latest social network you tried out because it got linked on TechCrunch? You might have trusted them to not grab your entire identity -- hope you read the security policy!

Now, our security policies are sound -- we don't store your login information at all and use SSL when you give it to us. And fortunately, we've been in business long enough that people can judge our track record on privacy policies. But we also wanted to come up with the ideal solution: A way to let you import your address book without giving away your passwords. The super high-tech solution we settled on? Plain old CSV files. CSV stands for comma-separated values, and it's the most basic, stupid-simple way of exchanging things like address lists. Now you can easily export stuff that way from Outlook or Gmail or Yahoo or almost anything else without having to give us any of your login information. It's just another example of how thinking through the little details makes it easier to do the right thing.

In the future, though, simple formats like CSV just might not be good enough. As we said when we launched the relationship update stream, we believe that most sites want to do the right thing -- there just haven't been tools available to make that possible. So in the future, reusing existing open formats like FOAF, XFN, OPML, APML, and hCard, along with open protocols like OpenID and OAuth, will make it easy for all of us to take our data, and our friends, with us wherever we go. This is why we're so excited to participate in efforts like DataPortability.org and see Google, Plaxo, and Facebook join the effort too. That said, follow-through is extremely important.

For Next Time

There will inevitably be another recycling of this conversation in the future. Don't let the usual suspects turn it into a "this company vs. that company" story -- whether it's us at Six Apart or the people at Google or Facebook or Microsoft or anywhere else, the companies are not what matters. What matters is that there are some great new things we'll all be able to do on the web once all of the services we use let us control our own information.

2 Comments
January 9, 2008 4:56 PM

Well said David - fully agree!

Chris

January 10, 2008 10:32 AM

From my point of view, as a pretty avid user of social web apps, I think there are a couple of things missing from the way this discussion is playing out in most cases.

1. By "friending" someone on MySpace, Facebook or wherever, you're agreeing to give them more access to you. Generally there are two levels of access - the non-'friend' level and the 'friend'-level. A user has control over what is published on each tier of access so it seems pretty obvious to me: if you don't want someone to have access to your email address or phone number, don't give it to them. Don't give them that access.
Whether or not someone uses a script to manage the information you give them is beside the point. We don't hand people our business cards saying "You may only use this email by manually typing it. You can't put me in your bulk emailing lists."

2. When you give someone your email address (or whatever), whether it's embedded in an image or not, you are trusting them to not abuse it.

3. There are a few advantages to using Social Networking Services' messaging systems in lieu of regular email. One is the ability to communicate with people despite the fact that you haven't given them your email address, phone number, messaging handle or other private information. The other is the ability to 'block,' (and sometimes even flag) a user so that they actually lose privileges.

As users of a networking service, I think making a distinction between running scripts or not, with regard to how I can use the information you gave me, is terribly naive. I mean maybe I shouldn't be able to use keyboard shortcuts for copy and paste either. It's a slippery slope. If we draw the line for how I can and cannot use data that you give me at using software, then how about this scenario: I just so happen to be fairly wealthy and I hire a whole room full of overseas workers to manually manage my contacts, send messages etc... See?

Can I be trusted more because I'm not using a bot? No. Making the privilege of access to your contact information hinge on whether or not I will use software to help me organize it is a bit like saying I may only have your information if I promise to only use it in relatively more difficult ways.

When I tell people about some of the work that's being done to create more universal data formats in the Semantic Web space, they often freak out about privacy, big brother and all that. It's like people believe that if everything is disorganized and harder to use, there is more safety, privacy etc. This is troubling to me. Thank goodness people don't manage their households and personal wealth with this approach to security!

If we rely on disorganization as a layer of security, it means that only those with greater access to more powerful tools (whether they're software tools or human resources) can extract and mine the data - data that's already intended to be public in the first place!

Similarly, contact information should be managed via its point of access, not how it's used. How it's used is a matter of trust and those of us with integrity have reasons to honor the privacy and comfort of our contacts.
