Everyone's talking about the need for a privacy oriented Open Source solution for an open social graph

And a lot of people are asking me “Weren’t you doing that four years ago?”

Well yes, I was. In fact I still do.

In 2006, my company FindMeOn open-sourced a lot of technology that enables a private, security-based open social graph.

The [findmeon node standard](http://findmeon.org/projects/findmeon_node_standard/index.html) allows people to create ad-hoc links between nodes in a graph. Cryptographic key signing allows publicly unconnected links to be verifiably joined together to trusted parties.

Our commercial service manages node generation and graph traversal. Even when using an account linked to a third party, such as ourselves, privacy is maintained.

– [A syntax highlighted example is on the corporate site](http://findmeon.com/tour/?section=illustrated_example)
– [The way the commercial + open source stuff melds is explained in this image](http://findmeon.com/tour/?section=abstracted)

There’s also a bunch of graphics and images related to security based inter-network social graphs on my/our Identity research site. A warning though, half of it is about monetizing multi-network social graphs:

– [IdentityResearch](http://www.destructuring.net/IdentityResearch)

On that 'Zombie Photos' report…

CNN and BBC have both covered something called ‘Attack of the Zombie Photos’ – an experiment out of the University of Cambridge that tested how long it takes for a photo deleted from a website to really be deleted.

I found the experiment to be incredibly flawed and misleading.

The researchers tested not the networks themselves, but internet cache copies. So a network could very well have deleted the image from their servers, but that change (deletion) had not propagated to their Content Delivery Network (CDN) in time — i.e. the primary copy of the photo was deleted from their servers, but a distribution copy on another (possibly third-party) server had yet to be deleted or timed out.

While the researchers did indicate that they were testing the CDN in a graph, their text barely made mention of it, their analysis none, and they routinely called the CDNs “photo servers” — as if they were the primary record. It seems as if the report was more about FUD (fear, uncertainty, doubt) than examining real issues.

You can view the report here: [Attack of the Zombie Photos](http://www.lightbluetouchpaper.org/2009/05/20/attack-of-the-zombie-photos)

My comment is below

> I think this experiment is great in theory, but flawed in practice and conclusions.
> You are not testing to see if an image is deleted from the Social Network, but from their CDN. That is a HUGE difference. These social networks may very well delete them from their own servers immediately, but they are not exposed to the general internet because a (often third party) cache is employed to proxy images from their servers to the greater internet. Some of these caches do not have delete functionality through an API, the content – whatever it is – just times out after x hours of not being accessed. It also is often ‘populated’ into the cache by just mapping the cache address onto the main site. Example: http://cdn.img.network.com/a may be showing content for several hours that was deleted from http://img.network.com/a

> Perhaps you know this already – but in that case you are presenting these findings in a way that serves your point more than the truth of the architecture.

> In terms of your inference of the EU and UK acts, I wouldn’t reach the same conclusions that you have. Firstly, one would have to decide that an unmarked photo, living at an odd cache address with no links in from a network identifying it or its content, would be deemed “personally-identifiable data” — I would tend to disagree. Secondly, while the purpose of it may be to “share it”, it would really be “share it online” – and dealing with cache servers and the inherent architecture of the internet, I think the amount of time for changes to propagate after a request for deletion would easily satisfy that requirement. I also wonder if the provision to access ‘user data’ means that it is done in real time or in general. I’m pretty sure all these sites store metrics about me that I can’t see.

> Again, I will also reiterate that we are talking about ‘cached’ data here — and that the primary records have been deleted of the requested data. At what point do you feel that privacy acts and litigation should force the use to access / view *every* bit of data stored:
> – primary record
> – server caches
> – data center/isp caches
> – network (university, business, building, etc) caches
> – computer / browser caches

> Your arguments open up a ‘can of worms’ with the concepts of network optimization. I wouldn’t be surprised if your university operates a server on its internet gateway that caches often requested images — would they too be complicit in this scheme for failing to delete them immediately ? How would they even know to do so ? How could the network operator identify and notify every step in the chain that has ever cached an instance of the image ?
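
The caching behaviour that this post and the comment above describe, as an added example that is not part of the original post, comment or report: a constructed Python model of an origin server behind a pull-through cache that has no purge API. The class names, the `/a` path and the 6-hour timeout are assumptions chosen for illustration.

```python
"""Constructed model: origin server fronted by a pull-through cache with no purge API."""
from dataclasses import dataclass, field

HOUR = 3600


@dataclass
class Origin:
    """The network's own image server: the primary record."""
    objects: dict = field(default_factory=dict)

    def get(self, path):
        return self.objects.get(path)            # None models a 404

    def delete(self, path):
        self.objects.pop(path, None)


@dataclass
class PullThroughCache:
    """CDN edge that fills itself from the origin on a miss and cannot be purged."""
    origin: Origin
    timeout_s: int
    idle_based: bool                              # True: expire after timeout_s without access
    entries: dict = field(default_factory=dict)   # path -> (body, reference time)

    def get(self, path, now):
        entry = self.entries.get(path)
        if entry is not None:
            body, ref = entry
            if now - ref < self.timeout_s:
                if self.idle_based:               # every hit restarts the idle clock
                    self.entries[path] = (body, now)
                return body
            del self.entries[path]                # expired: fall through to the origin
        body = self.origin.get(path)
        if body is not None:
            self.entries[path] = (body, now)      # the cache is populated by being asked
        return body


def classify(origin, cdn, path, now):
    """Say which copy an 'is it deleted?' probe is actually looking at."""
    at_origin = origin.get(path) is not None
    at_edge = cdn.get(path, now) is not None
    if at_origin:
        return "live"
    return "deleted at origin, stale at edge" if at_edge else "deleted everywhere"


def first_gone_at(idle_based, timeout_s, probe_every_s, horizon_s):
    """The cache is filled at t=0, the origin deletes right after, then the CDN URL
    is probed periodically. Returns the first probe time (seconds) at which the edge
    stops serving the photo, or None if it is still served at the horizon."""
    origin = Origin({"/a": b"constructed-photo-bytes"})
    cdn = PullThroughCache(origin, timeout_s, idle_based)
    cdn.get("/a", now=0)
    origin.delete("/a")
    t = probe_every_s
    while t <= horizon_s:
        if cdn.get("/a", now=t) is None:
            return t
        t += probe_every_s
    return None


if __name__ == "__main__":
    print("fixed 6h TTL, hourly probes:", first_gone_at(False, 6 * HOUR, HOUR, 48 * HOUR))
    print("idle 6h, hourly probes     :", first_gone_at(True, 6 * HOUR, HOUR, 48 * HOUR))
    print("idle 6h, probes every 8h   :", first_gone_at(True, 6 * HOUR, 8 * HOUR, 48 * HOUR))
```

In this model, a cache that expires entries only after a period without access treats every request as an access, so the probe interval decides how long the stale copy stays reachable.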

On Terms of Service and Privacy Policy

Elias Bizannes and some other folks from the DP project have started working on a way to unify network legal contracts.

A little over a year ago I set out on the same path, trying to bootstrap a “Social Media Standards” organization. We’ve both come to many of the same conclusions, some differences, and focused on some different areas — as he spent much time with networks, while I spent more time with startups and ad firms.

## Here are some key points

– I don’t think that a universal legal doc is possible, recommended, or even a good idea. All the portability concepts tie in very strongly to a company’s business operations — it’s both unrealistic and arrogant to mandate ‘you will do this!’. However I think clarity and guidelines are in order.

– I propose the following:

– a ‘legend’ of datapoints / concepts , where there is a menu of set options that network operators can choose from
– each datapoint and option has an iconic, easy to read, representation… very much like the CC licenses
– there are several recommended configurations of datapoints & options that have trademarked names
– operators may also create customized configurations that reference individual icons

This approach would give users the ability to identify and easily read TOS agreements, while affording network operators flexibility. In other words — adopting this system could never conceivably hurt their business.

– Enforceability is an issue, as are the differences in legal concepts and wording between countries. Who can sue? How? Where? My idea has been to use SocialMediaStandards as a non-profit licensing group: networks would be able to say that their legal contracts are compatible with specific legal concepts or iconic configurations offered by the group; in doing so and displaying the trademarked images, they would be liable to the group under contract law if they should make false claims. This would allow the group to litigate on behalf of end users who would be otherwise unable to do so, and greatly simplify enforcement as some other legal concepts get thrown into the mix. Users would still be able to sue for breach-of-contract, fraud, misrepresentation as well — this would give the group the ability to file suit as well.

– I identified common sets of datapoints, and broke them each into 2 categories: Content and Activity. I think each should be treated differently. Content is what a user directly enters into a network, Activity is the networks’ value-add. i.e. I can upload a bio (content) and then there is the number of times that bio has been viewed (activity). For every datapoint, I believe there should be the same, but independent, options to regulate content and activity.

– Elias did something similar, breaking things down into ‘nouns’ and ‘verbs’. There is a bit of overlap on both our concepts, but they’re still quite a bit different.

You can see my concepts [by clicking here](http://www.destructuring.net/IdentityResearch/Essays/2008_06/2008-06-SocialMediaStandards-PrivacyAndTos-InitialThoughts/2008-06-SocialMediaStandards-PrivacyAndTos-InitialThoughts.html)

You can see Elias’s concepts [by clicking here](http://wiki.dataportability.org/display/work/Elias+conceptual+framework)

## On ownership of data

Elias and I fought on this for a while. Then we realized that we were both a little drunk, and talking about the same thing: that a user does, and always should own their content — as afforded by copyright law in most countries.

Where we differ a bit is as follows, and is a bit of a controversial topic:

I believe that it is more than reasonable – and should be required – for a user to enter in a contract with a network that grants an irrevocable non-exclusive license for the network to use and redistribute uploaded content in the original context once it has been interacted with by others. I don’t believe in this clause/point for the sake of the network, but for the sake of other users. This concept is akin to publishing a letter-to-the-editor in a newspaper or magazine: you can’t undo things once published; people still have the ability to make clippings of the content. It’s also like loaning a photo to a friend — they may return the original, but copies may have been made and are floating around.

I believe this doesn’t affect the concept or legality of ownership. The user still owns their content, and has all legal rights to it. There is simply a non-exclusive license granted to the network to keep content active… such as in the event that a photo is commented on or added to another’s virtual photobook; or a thread of discourse on a topic doesn’t have key sections missing.

Some people believe that this concept strips them of rights. I believe they are attempting to create rights where none existed before. Once something has become public, become shared, it is impossible to undo it — one cannot take back their own words once they have been heard by others. I believe proof of this exists in the simple virtue that other users could simply screencap or printscreen on this content, and that while technology can allow things to be ‘undone’ it doesn’t mean that it should.

That being said, I believe that networks should require users to enter into a covenant with one another, and the network, to agree that items should be forever published. I also stress that contracts like this are more important for the other users than they are for the network.

Why Portability ?

Last week I had the pleasure of meeting up with Elias Bizannes of the DataPortability.org project a few times.

One day he asked me: Why portability ?

This was my answer:

Data portability is a trick, and a really good one at that. It’s not the be-all/end-all solution some make it out to be; while it offers some groups important advantages, to others it is more than threatening to their business concerns. What makes the concept of portability incredibly interesting, and brilliant in some ways, is the necessary balance of all concerned parties to actually pull it off. At its core, portability is far less about the concepts of portability than it is about the democratization and commodification of Social Networks.

Portability is presented as a good thing for users, which it undoubtedly is on the surface. But – and this is a huge “but” – there is the all-important sell-in to the networks — they who actually have to implement ways for users to port in and port out. This offering to networks is complicated, because while porting ‘in’ makes sense, porting ‘out’ is an entirely different matter — and one that may be detrimental to a business. More importantly, while open standards and ‘libraries’ may be free, there are real and serious costs with implementing portability:
– engineering and coding costs : using architects, developers and network engineers to integrate these libraries and APIs
– administrative costs : making sure portability works within current legal contracts, creating new contracts, etc

Small / Niche networks look towards portability as an amazing opportunity — with a few clicks they can import thousands of new users, and for small sites integration can be a matter of hours. Under this premise, it makes sense for smaller groups to abide by the democratic principles of portability, and allow for information to port-out as freely as it ports in. There is no real downside.

For Medium networks, or Large networks that have lost their prime, portability is a chance to streamline customer retention methods. By keeping profiles up to date, these networks can seem more lively to new users ( i.e. no more messages that read “Last updated in 2004” ) — and they offer existing users the ability to browse the same unified & standardized data in a comfortable environment.

The concept of unifying & standardizing data resonates very well with me — I first tried to convince people this would happen in 2006, and in 2009 it has finally started to catch on. It’s really amazing seeing this happen. Before the advent of social networking, networks competed with one another based on their userbase — people migrated from network to network because of who was on it, a mixture of critical mass and critical usage; the popularity of online networking, portability and network integration efforts have completely shifted that. Users and content are now the same no matter where you go – and this is increasing at a faster rate. Networks now compete as a layer of user experience and user interface for this data.

For network operators this can — and should — be liberating. The emancipation of users allows networks to stop wasting resources on antagonistic retention methods that lock people into their network… freeing internal resources that can be spent on product improvements, making it easier and better for users to share , connect and interact with others.

Simply put, networks should focus on making products that consumers WANT to use, not products that consumers dislike or despise yet are locked into using for some reason. Whether they’re pushing for portability or not, virtually every social network or other consumer website is doing this right now, and it’s sad.

The allure of portability to large networks is an entirely different story. On the surface, portability offers little or no advantage to large networks. As shepherds and herders of massive userbases, networks rightfully fear openness as a way to lose the attention of their users. In deliberate steps, and under carefully controlled conditions, large networks have begun to test the waters… dictating how people can use their network off-site through platforming and ‘connecting’, and offering incredibly limiting export options.

Pundits like to use the term ‘opening the gates’ or ‘tearing down the walls’. I liken this form of tempered portability to ‘testing the waters’ and ‘opening a window’. Large networks are not embracing portability, they’re trying to simulate it on their terms , in ways that best leverage their brand identity and commercial offerings to retain consumer loyalty.

I personally think this is great — but it shouldn’t be called portability or ‘opening up’; this is simply a relaxed posturing.

What I dislike are the grand PR and marketing initiatives around large-scale ‘portability’ efforts. The large firms are all stuck in a cyclical pattern where one group ‘opens up’ a bit more than the last, forcing another group to try and outdo the last. This behavior of metered and restrained openness, and the creation and advocating of new ‘open’ standards that primarily drive the creator’s brand instead of users… this isn’t portability, this is sportability.

Portability and the true Open isn’t about half-assed , ill-conceived standards and initiatives that were designed to create PR buzz and just be open-enough to seem like a viable option. Portability is about getting stuff done with the right product, and putting the user front and foremost. We’re unfortunately left with a market-driven approach, where the large networks are in competition to release the least open standards they can, while still outdoing their competition.

While all of this is happening ‘on the surface’, there is a seedy underbelly to all this. Large networks realized an opportunity that they have all been looking towards and investing in — one which may not be so user friendly. Increased portability and inter-connectedness mean an opportunity for better consumer profiling — one that translates to better audience measurements and targeting, offering the chance for significant improvements in advertising performance. Portability offers networks a diamond in the rough. I had spent several years through FindMeOn developing audience profiling/targeting concepts, and quantifying the market opportunity and potential effects — they are huge. This should be rather unsurprising — you may have noticed that the largest proponents of portability efforts over the past few months are subsidiaries or sister companies to some of the world’s largest advertising networks and inventories.

As a quick primer: Social Networks make their money (if ever) either through subscription or advertising models; most are forced into ad-supported models because consumers just won’t pay. Ad supported models are at an odd moment in history right now: users have become so accustomed to ads that they tune them out completely — dropping CPMs sharply. The transactional model of ‘do a task, watch an ad, repeat’ was overused so much that it became ‘do a task, ignore an ad, do the first phase, ignore another ad, do another phase, ignore another ad’; no matter what networks do, the previous over-advertising has made a generation of users wholly oblivious to advertising — so some social networks can only get 5-10¢ to show 1k ads of remnant inventory, while others can charge $3 to show the same amount of targeted ads. While that might look like a decent improvement, online advertising elsewhere is doing far better. Behavioral networks can often charge $10 CPM if they hit a user on a content site, and niche sites or strongly branded properties where ads are purchased as a mixture of direct and endemic advertising can generate $40 or more per CPM.

Social networks are left at an odd crossroads today: once a network grows to millions of users, the brand simply isn’t focused enough to be able to offer reputable or effective endemic advertising; nor is the property likely to be niche enough to command premium CPMs for placement next to highly relevant content. Networks are unfortunately left with behavioral advertising – which should (and would) be doing better right now, if it weren’t for the overexposure/fatigue that users feel. However, portability efforts offer networks the chance to greatly improve behavioral advertising relevance.

So to summarize my answer to the original question posed by Elias… “why portability?”

> 1. If you’re a small or medium network, you’re going to pick up users.
> 2. If you’re a larger network, having your standard/platform adopted can result in market domination
> 3. If you’re a larger network, you have the potential to improve advertising revenue

Perhaps more than a decade in online business and advertising have left me a bit jaded, but I see little that is particularly grand or noble in these efforts. We’re not talking about curing cancer… we’re talking about making it easier to share photos, comment on things, and improving advertising. For industry professionals like myself , these are really exciting times — but let’s do each other a favor and tone down the idealism a bit and admit to / talk about the factors that are really driving all this. Maybe then we can start taking some real strides, instead of all these tiny little baby steps.

Collecting my thoughts on data portability & open systems

Last week I had the pleasure of meeting up with Elias Bizannes of the DataPortability.org project a few times.

We got to nerd out about different concepts – and our positions – on the overarching theme of integrated networks… and I thought I’d use my photographic memory (even when drinking Bookers’ all night ) to share my thoughts and some of his comments. That didn’t work out too well — or perhaps it did, as my recollections were fueled with bourbon.

In all seriousness, I haven’t spoken with most people on any of these concepts in at least a year, so it was completely fun for me… and given all the recent developments in this area, it’s nice to see how some attitudes have changed and new concepts have begun to take shape.

Over the next 3 days I’ll release a section of my thoughts in different areas. I like planning out postings like this — it gives me something to look forward to in terms of writing !

Facebook owns my Social Graph… It shouldn't

### Key points:

– Social networks position themselves as new addressbooks
– Social networks decide their own Terms and Conditions of use. That is OK
– Exiting users not given the ability to remove shared content from site. Not OK
– Remaining users left with holes in addressbook. Not OK.

### Main Article

Facebook, LinkedIn, and various other Social Media properties have been fighting hard to monopolize users’ online time and become their de-facto addressbooks and ways to share photos. While these applications have proven to be a great tool for consumers, current practices and policies by the parent corporations have made a ‘reliance’ on social networks a danger.

It’s time for consumers and corporations to rethink their use of social media.

Recently an industry colleague, Stephanie Frasco, had her account disabled by Facebook. I’m not going to comment on why it happened or what triggered it – it is up to Facebook to set their Terms of Service and make judgements on user activity, and I respect that.

What troubles me is the manner in which her account was disabled – and the ramifications of it on online communities.

When Stephanie’s account was disabled, she lost her data ( or at least any sort of access to it ). This didn’t just mean that she couldn’t message friends through Facebook or play a third-rate Scrabulous clone called ‘Scrabble’ — it meant that Stephanie could no longer access the phone numbers, email addresses, postal addresses of her friends through the network. It also meant that she lost the ability to access the photos she posted online – or the ones friends had tagged her with. When her account was disabled it wasn’t limited to ‘read only’, she wasn’t given a window or ability to download her content, she was simply disappeared… silently, quickly, without a blink of an eye.

Seasoned industry people will laugh “Well that girl was stupid — she should have had a non-Facebook listing of all her contacts.” Seasoned industry people are smart like that – they don’t rely on Facebook or other websites to exclusively handle contact info… but social media properties are actively promoting themselves to the 100million plus non-industry users as their new online homes — and their new online addressbooks, to overtake their default pen&paper, computer and even cellphone versions.

What troubles me even more about Stephanie’s case, is that not only did she lose access to Facebook… but I lost access to her.

Contact Info on Social Networks is like a double edged sword: information is rarely entered by a user into their own addressbook, instead someone else’s information is incorporated into their social graph. This results in an addressbook that is always ‘up to date’ — but offers out-of-sync details when a user abandons an account or loses entries when a user deletes their profile.

People often ask the question “Who owns the Social Graph?” I recently wrote an 8,000 word primer / whitepaper on the legal and technical aspects of the subject, along with best-practice recommendations on ToS and Data Portability for FindMeOn’s corporate clients. ( It will be public soon folks! It’s getting a final review right now ). One of the largest hurdles to Social Graph portability that we discuss is access and sharing in relation to copyright and contract law ( i.e. what can be shared and under what conditions )

In the Frasco/Facebook case, those questions weren’t raised to my satisfaction. Facebook simply stated “We own your social graph”.

Except Facebook didn’t tell Stephanie that… they told it to me.

When Facebook disabled Stephanie’s account, they didn’t just keep her from logging in to their walled garden — they removed her from *my* Social Graph.

I no longer have her updates, postings, content that she shared… with all of Facebook or even with me. Facebook was nice enough to keep her imprint in my inbox and messages, although with an ‘empty’ link and profile photo. ( which, incidentally, is one of FindMeOn’s recommendations for account closings ). However, she’s not in my addressbook – I can’t click her info and send her an offline email, I can’t see her in my friendlist, I can’t use Facebook as a way to interact with her outside of Facebook.

What Facebook should have done, was to freeze her account as is. Within the constraints of the Privacy Policy / Terms-Of-Service , Facebook should have kept as much of her information active and available as possible — not as a service to Stephanie, but as a service to the 100+ users that incorporated her into their social graphs. At the least, Facebook users should have been sent an email stating “Person X in your addressbook has left Facebook. You have X days to copy/transcribe information that they made visible to you.”

Instead, what Facebook did was say “We own your addressbook. We own your Social Graph”.

I say “Not anymore”.

It is absurd and overly arrogant that Facebook has decided to say who can and can’t be in *my* addressbook. Not only am I limited to having an addressbook of people that ‘want’ to join Facebook’s walled garden, but now I learn that addressbook may be shortened as they prune network membership to their desires.

I’m glad that I keep my contact info off Facebook and up-to-date manually — and I pity people who do not.

I used to think Facebook was neat — but now I STRONGLY question its utility. What good is a tool that lets you manage contacts/relations, when it dictates which contacts/relations you’re allowed?

Thoughts on Open Source, Open Standards, and Online Advertising : Data Sportability Pt 2

In 2005 I started FindMeOn after noticing some serious flaws in the use of OpenID. The base of the system grew out of the identity & publisher syndication components of a music website I had been working on with friends for a few years. When the music project went on hiatus, I decided to flesh out the identity system into its own entity. I wanted FindMeOn to be a full-fledged standalone / open source project to allow for secure online identity management/syndication because I truly cared about that, and no one else did at the time. On the flip side, years in marketing taught me the marketing value of the information that identity could deliver — so the system was designed to create a revenue model that gives brands & ad agencies better insight to their consumer distribution across networks.

From late 2005 to mid 2006 I met with dozens of agency execs, online experts and VC investors to vet my concept, and I learned my monetization scheme wasn’t enough — everyone required a higher monetization potential from it. By April 2006 the answer was clear: FindMeOn was not just going to offer cross-site information for dispersion intel, but for social demographics and online advertising… selling targeted advertising or media planning services.

I spent the next few months learning how the entrepreneur in me could reconcile open source beliefs with unadulterated American capitalism.

Maybe I’m wrong, won’t you tell me if I’m coming on too strong

With this in mind, I offer the following industry commentary. Keep in mind that this is pure conjecture from research and analysis; I can offer this only as insight not fact — but I am certain that it is accurate.

As I mentioned in my followup to DataPortability Podcast #5, the Facebook management team was absolutely brilliant in concepting their API strategy. I will easily credit them with getting the whole portability thing rolling by releasing their API – which set the precedent of a platform API that users and developers would adopt en-masse. It was working so well that Facebook was gaining tons of user activity within-site, and gaining new developers to build applications FOR them. Facebook was also becoming a much bigger threat to their competitors than previously thought…

MySpace and the other major social networks suddenly had an entirely new level to compete on. While these other networks were constantly shifting between friend & foe with third party developers ( blocking their widgets, announcing partnership deals, repeat ), Facebook – who previously kept all widgets off their network – suddenly had a dedicated & robust *platform* dedicated to widget/app developers that was the darling of the internet community. Facebook was suddenly making developers happy, users happy, and — most threatening of all — showing a giant head start in this new ‘economy’ by setting the bar.

Lurking in the background was a stealthy figure who was realizing they would soon need to compete against Facebook: Google. Why? Well, the search/advertising giant wasn’t worried so much about Facebook as a Social Media competitor, but what intelligence gleaned from Social Media could power — online advertising.

Here are some neat facts about the social media advertising market in the US in the Summer of 2007.

– Social Media advertising is the largest growing segment of internet advertising — as it’s the largest growing segment of the internet.

– The 2008 projections for social media ad spends are around 800MM; the 2009 projections are 1300MM; and 1900MM in 2010.

– Social Media is probably the worst performing sector of online advertising. As an illustrative figure: it’s responsible for 90% of impressions, but only 10% of revenue.

A well optimized online publisher, like the New York Times, commands hefty eCPMs ( effective costs per 1000 ad impressions ) – upwards of $20; with a rumored $85 eCPM page monetization. MySpace is somewhere between .10¢ eCPM for a generic buy to $2.00 for an ultra optimized query — not very impressive.

Facebook has long been one of the best monetized social networks, consistently demanding eCPMs in the $1.50 to $8 range. A rumor was circulating in the Summer of 2007 that the Palo Alto firm was developing an off-site advertising network to display ads across the internet based on cookied data off their users. This is what Google was scared of.

As more population demographics adopt the Facebook platform, this rumored ad system increasingly jeopardized Google’s position as the internet’s premier ad network. Even more troubling, Google knew that Facebook had the talent and power to develop this competition — they weren’t just a large firm, but recruiting the new employees Google wanted first, and even hiring key staff members away from Mountain View.

There Ain’t No Second Chance Against The Thing With Forty Eyes

Google and MySpace had to respond – and act fast. So they come up with a daring little plan: they teamed up together to sketch out a competing platform, roped in a couple of other networks who were threatened by the burgeoning Facebook, and wanted to beat them with sheer numbers. Since Facebook had a ‘closed’ platform, Google decided to ‘open’ things up to foster more adoption with tons of “open standards” and “open source” — even calling their system ‘OpenSocial’. Through the use of the word “Open” everywhere, and multi-network capabilities, the new alliance of ‘once-enemies , now friends’ gathered against the mighty Facebook would hopefully woo more developers to the ‘OpenSocial’ market — stagnating Facebook’s platform growth.

As a quick side note, Google’s OpenSocial project sounds a whole lot like FindMeOn’s “Open SN (Open Social Network)” in both function and name. One would think their army of patent and trademark lawyers would have ‘googled’ their own product ideas for clearance…

Since everyone was trading punches over being more open and more awesome than the other guy, Facebook quickly had an equally brilliant reply — they subsidized free hosting through a partnership program with Sun and Joyent, started giving out cash grants to spur development, and their backing investors started a new VC fund focused solely on Facebook applications. Take that! said Facebook as a sea of developers eagerly built products for their platform.

You’ve got to roll with the punches to get to what’s real

Over the next four months, a plethora of large scale announcements would come from Google and Facebook as new players jumped into the fray.

Google decided to make OpenSocial a non-profit venture to bolster PR, even pulling in Yahoo to the relaunched initiative; the announcement was met by the praise of many tech-pundits, who talked about how wonderful the concept of a non-profit was. Predictably, everyone likened the initiative to civic minded non-profits – and none suggested the more relevant correlation: non-profit registered industry lobby fronts like the ‘National Smokers Alliance’ or ‘Global Climate Council’ that pipe tobacco and oil dollars into misleading consumer campaigns. Who can forget 2007’s hit webformercial “Carbon Dioxide: Some call it pollution, we call it Life”.

Nothing short of a ‘pissing match’ started between the large tech giants. In an almost round-robin fashion, each company would announce a new product that somehow ‘outdoes’ the last announcement from a competitor. Facebook expanded privacy controls, Google announced a ‘Social Graph API’, Microsoft jumped in with their ‘Windows Live API’, MySpace teamed with Yahoo and eBay to do ‘Data Availability’. Every other week, a new batch of PR announcements and partnerships is released — all accompanied by a hastily created set of documents, big-name backers, and incorporating one or more open standards while creating a few of their own.

These initiatives have been so hastily and half-assedly designed that I wouldn’t be surprised if we soon learn that half of these products came solely out of the marketing departments, and the technology teams never saw anything until after a press announcement.

Today, *everyone* has an Open Standard and an Open Platform — myself included — which begs the obvious question: what good are open standards and platforms, if everyone has a different one? And are things really open when their main purpose is to further a proprietary system?

Perhaps more importantly – how many of the tech giants have collaborated with third-party developers to define these new Open platforms?

The industry’s modus operandi seems to be

1. BigTech decides what to open up and how
2. BigTech invites top widget makers / networks to be launch partners
3. Third party developers are then told “So this is how you’ll use it. Welcome to the new status quo. Happier?”.

Now I could be wrong — I’m three thousand miles removed from the SF bubble where all the ‘Open’ decisions are made — but I’ve yet to hear of any interactive agencies, dev shops, or brands who build/finance most of the ‘widget’ development being included in these conversations. I’ve been meeting with them non-stop to try and rectify that — and as of yet, no one I’ve met has even been polled by a large ‘platform’ for their input.

Thoughts on Open Source, Open Standards, and Online Advertising : Data Sportability Pt 1


This is the first part of a series that I have been working on for a few weeks. The current combined text is 6,000 words – so I’m releasing it in sections.

Apologies to those who have been expecting this sooner — I originally wrote this in early/mid May, but have been busy with business too much to work on editing.


I’ve been using a new term when I talk to people of the internets: Data Sportability. I use it to describe how sporty and flashy ‘data portability’ is, and how that flashiness and sportiness is the true essence of this new ‘movement’ (note: I mean the general movement of data portability, not the Data Portability working group).

The utopian picture of interconnected networks… with data sharing, integration and portability abound is indeed something beautiful — but it’s just a veneer. Beneath the surface, or more aptly ‘under the hood’, it’s a vicious fight over who has the fastest car, the biggest engine, the latest fuel-injected cooling systems… you get the idea.

Like most services on the internet, Data Sportability isn’t about the end user, it’s about the big networks and service providers… and who has the coolest car.

I’m hoping it picks up, so people other than my friends know what I’m talking about.

Interested? Read on!

Too hot to handle

Unless you’ve been living under a rock, “Data Portability” is the hottest thing to hit the internet since the Paris Hilton sex tape… and as we all know in Paris’ own words, “That’s Hott!”. Also very much like Ms Hilton, portability is nice and pretty on the outside, but deeply troubled on the inside.

Here’s a quick history lesson-

Two years ago, the internet was a pretty different place than it is today. There were only a handful of major social networks, and most people ( users, pundits, experts ) looked at minor networks, niche ones (example: CafeMom), and social applications (example: LastFM, Flickr) with utter contempt. The major networks were also doing everything in their power to ‘lock’ users down into their systems — completely blocking images/videos/widgets etc from appearing on user pages whenever a service like YouTube or PhotoBucket had a popularity spike.

Thanks to technical innovations that lowered the barriers to entry, and whitelabel services like Ning and KickApps, everyone and their mother has a social network of their own today.

To maintain the loyalty of their userbases in the tens of millions, all the major players are quickly adapting with standards, platforms, and press releases touting how ‘open’ they are. Companies that recently charged users through subscription models to access their walled gardens are suddenly embracing openness, and pushing for new paradigms in the industry. And the pundits and network evangelists… they simply *love* talking about integration, open standards, and data portability ( as either the base concept or the new standards group ‘DataPortability.org’ ) — but that only raises the obvious question: why have so many groups done a complete 180° turn?

The popular response ( aka: the public relations soundbite ) is that the networks are now proudly putting their users first; that we’ve all grown together, learned from our mistakes, and the old marketing department heads / decision makers have been replaced with new evangelists… embracing open standards and cooperation; Rainbows are everywhere and unicorns have magically appeared, frolicking in the streets.

Kool-Aid seems to be the most popular drink around.

It’s all about the benjamins

Let’s be real for a second- the social internet isn’t about connecting people, it’s about monetizing their experience. Anyone who tells you otherwise is lying or stupid.

Once upon a time (or just nine months ago), Social Networks weren’t all that different from cellphone carriers in the way they operated — they locked you into a contract/network, made it a pain-in-the-ass to communicate with people on other networks, and basically held you hostage to not leave. If you manage to finally figure a way out of their maze, they magically offer you every single premium imaginable to stay.

A few years ago the US cellphone industry got regulated – users could finally port their phone number from one carrier to another. Citizens embraced this as finally seeing progress… but they didn’t realize it was at the expense of some shady stuff behind the scenes thanks to line items and back-room deals from industry lobbyists. After years of resistance the networks didn’t actually ‘cave’ in… they knew they eventually *had* to give in, so they figured out ways to handle it on their terms — protecting their end interests.

Data portability is pretty much the same, perhaps a bit more duplicitous… as a ton of extremely corporate interests are neatly packaged in a pretty little user friendly PR campaign. Data portability isn’t about empowering a user, or promoting open source and open standards — it’s about data mining, user tracking, and advertising efficiency.

I know because I’ve been there, I’ve done that; I helped write the playbook. My company FindMeOn was one of the first out of the gates selling the ‘Data Portability’ illusion — and over the past 9 months, every single big tech firm has gone through the exact same growing pains and learning curves we did: they’ve released the same exact technologies, in roughly the same orders, even using roughly the same names.

So I’m going to talk about what FindMeOn was really up to all along, and explain what the new players in this arena are really doing — it’s anything but the grand illusion of user control. In the process I’ll predict the next few developments from bigtech, dispel some illusions, and recontextualize this faux openness into what it really is – internet marketing, plain and simple.

Some may point out dozens of pundits and developers who have only the best intentions. To that I say: sure they are — but look who pays their bills and is funding their research, it’s for a reason!

Is OpenID actually Open?

Note: There are updates following this posting

This has troubled me for a few years now…

I just asked the DataPortability group for clarification… but in a nutshell ( and reprinted below )

To-date, I’ve been unable to find any sort of licensing attributed to
the OpenID or oAuth specs.

To the best of my knowledge:
– neither has been explicitly placed in the public domain
– neither has been submitted to IETF, thereby covered by its IP
– neither has released a CC or OSI license with their specs

The only licensing statements I’ve found in OpenID are in regards to a
non-assertion agreement and transfer of copyright to the OpenID
foundation. The foundation uses the goal “The goal is to release
every part of this under the most liberal licenses possible, so
there’s no money or licensing or registering required to play.”
However I see no license on any of the specs, just on the
implementation libraries.

Correct me if I’m wrong here, please… but shouldn’t these projects
have some sort of open licensing on their specs ? Microformats, APML,
XFN, FOAF, RSS all explicitly use CC licenses on their specs. RDF is
covered by W3C. OPML has what seems to be a CC-noderivs. XMPP is
covered by the IETF’s IP policy.

Going by US Copyright and Patent standards, copyright is implicit and
technically rests with the authors/foundations; and technologies may
be patented until 1yr from date of initial public disclosure.

So my questions are:
1. Are there hidden open licenses or public domain placements that
I’m just unaware of ?
2. If there are no explicit open licenses on these:
– what does this mean? It’s great that the implementations are
license free, but could they be construed as violations of copyright /
patent / something at a future point ?
– how are two of the most popular ‘Open Standards’ the only two
without any sort of prominent licensing on their specifications ?

Basically, every single OpenStandard out there — even FindMeOn’s OpenSN ( Open Social Network ) and findmeon node standards — have CC licenses ( usually share-alike, or attribution/no-derivs ), are covered by the IETF’s liberal open IP policies, have some sort of OSI comparable license, or are put in the public domain.

OpenID, and interestingly enough oAuth, have no licenses whatsoever.

Libraries of / implementations of the specs are released under OSI licenses, but the specs themselves have no visible licensing terms at all.

How in the hell did both of these protocols get so popular – and backed by large companies – with nebulous licensing terms?

More importantly, is OpenID actually open?

Update #1: Gabriel Wachob has pointed me to https://agree2.com/declarations/oauth-non-assertion-covenant — in which the oAuth authors license the spec with a CC license. I suggested he migrate that license to their actual website & spec, as every other project does. oAuth is definitively open.

Data Sportability

It’s nice to see everyone joining the portability and open standards bandwagon, and with such breakneck speed. It’s also great to see a complete 180° turn for many people involved — it wasn’t too long ago that many of the newly outspoken proponents of these concepts were the ones maintaining and enforcing the walled gardens of social media with an iron fist, holding users and third party services hostage at their leisure.

All the traction this movement has been gaining has made it very easy to get excited — quite a lot has happened in the last few months, and people are often still lauding some open technology just as its successor or complement is released. It can be quite difficult to keep up with, and amidst all this celebration a few important concepts have been lost or sidelined. I think we’ve come to a point where we all need to slow down for a moment and take a good look at the recent technologies and instead of blindly celebrating them, start asking some tough questions: like what are the implications of this, and why are they being created so quickly in the first place?

If you chat with industry pundits, read the blogs, even open up a major newspaper, you’ll quickly notice that data portability is all the rage (the general concept, not the ‘DataPortability’ working group). People love talking about the new efforts in interconnectedness on the internet — the ability to meld content and relationships across social media outlets, and the positive strides the industry is making. If you talk to a product manager or blogger ‘in the scene’ for a few minutes, you’ll note how similarly they mimic an eleventeen year old girl talking about puppies, ponies and rainbows ( and ice cream! and unicorns! and rainbow sprinkles! oh my!).

Looking beyond the gloss of portability, there is a much more pervasive meme to the industry — the new marketing culture driving the open initiatives, Data Sportability. Before people can even hash out what products really are, we see fancy marketing jargon around corporate initiatives, an endless array of shiny new products and services launched one-after-another, and a figurative pissing contest between large technology companies trying to ‘outdo’ one another in terms of portability options and open standards. While data portability might be about getting people to join the bandwagon… Data Sportability is everyone trying to have the fanciest and flashiest wagon in the train, with hopes people will flock to it more so they can go off in their own direction.

When people can step back from the celebrations of technology, it is painfully clear that the new open data initiatives are not so open, not so well intentioned, and in many cases not even well thought out. I think it’s about time we put an end to Data Sportability and end this trend before any real damage is done.

Over the next few days I’ll be releasing a series of articles based on dispelling Data Sportability, using my company FindMeOn as the context. In 2006 we released FindMeOn.com and ‘Open Social Network’ – a consumer site and set of open standards promising secure, privacy minded social network integration… which was really just a testbed for our ‘next generation’ social media advertising platform. In late 2007, groups like Google, Yahoo and Microsoft started releasing similar products, under similar names, and going through all the same ‘realizations’ and growth spurts as our products.

Common Sense Truths Behind Portability

A preview.

The Open Movement is a Shell Game
Open Source and Open Standards are absolutely meaningless when their point is to sell in proprietary platforms and services. Google, Facebook, Windows, MySpace, etc. are all promoting *their* platformed versions of portability. This isn’t a goodwill effort, this is an arms race for technology, users, and a market leadership position. Corporations are also very much focused on what THEY get out of being open — not end users; they’ve done a 180° on portability for a reason, they figured out how to monetize it.

Beware the Wolf In Sheep’s Clothing
Being backed by, or creating, a non-profit is nothing more than a PR stunt. Lobbyists have been doing this for years to mislead consumers on the behalf of the Tobacco and Oil industries. Being a non-profit doesn’t mean that you’re searching for the cure to cancer, or developing cross-platform software under the MIT license — it just means that your organization *as the organization* is not focused on creating corporate profits for itself. Groups like “OpenSocial Foundation” are industry associations of large social media stakeholders and advertisers – they’re not coming together to save children, they’re coming together to optimize their businesses.

The road to hell is paved with good intentions
A lot of portability people mean well – but it’s important to view these innovations as the struggle they are — corporations are looking to monetize, technologists are looking to quickly adopt and push forward with every new innovation. When the dust settles and the novelty begins to wear off, a mess is often left behind. In politics, people talk about ‘inside the beltway’ — a disconnect between the political system and the people it represents, created by the secluded and self-reinforcing culture of its members. Technology is the same way — technologists have the mindset of early adopters – and people who try to live their lives outwardly across all mediums; the average internet user is vastly different.

I recently got into a heated argument on the DataPortability group’s mailing list, when I was incensed by the lack of discussion covering user privacy ramifications of OpenID adoption — especially in a so-called ‘what could go wrong?’ panel discussion that was scheduled. From a consumer and corporate perspective, I am *deeply* troubled by the conflation of online account information and relationships that hastily integrated systems promote.

Most people failed to see any issue where a large one exists; a small subset of people saw the issue and replied something to the extent of ‘well some of us do care enough, and have implemented privacy constraints in our software’. My response: why is this not the default? why isn’t everyone adhering? why am I the only one questioning this?

More than meets the eye
People are pushing data portability for a reason – monetizing openness. The monetary layer in data portability isn’t in being an open service, or providing a platform service… it’s in analyzing and applying cross-network user intelligence for internet advertising. Open platforms aren’t about providing a service to users, they’re about making money off of users.

They’re also about creating new commerce-driven standards. While MySpace, Google, Facebook are big names in Social Media, they’re the groups behind the world’s most powerful networks – not the people interacting with APIs and building new social media projects. While it’s nice to see these groups offering some ‘standards’ for interaction, they’re also saying “ok, but you have to play by our rules now!”. How different would these Open Standards look if they were mandated by the widget developers, social media startups, or ad companies / corporate brands who are constantly building new online media projects? These ‘standards’ are concepts and hooks defined by benevolent dictators — not by the people who make applications.