Shifting the balance of power inside out solves many web 2.0 issues

Image taken from: http://www.pinkfloyd.co.uk/insideOut/

What are the most important aspects for a User-Centric web to me? In a User-Centric web:

• I get to own my data and my interactions
• I control my privacy
• Services travel along with me, instead of me traveling to those services
• I do not perceive walled gardens, I can take my data with me and (re-)use it wherever I want
• Services connect to me in a standard manner, allowing me to (re-) use my data (think friend list, unified messaging, interaction, privacy control etc here)
• Services read my privacy policy and terms of use, and agree to my terms when connecting

It basically changes the balance of power inside out. Instead of putting control at the web service, control should be with the individual user. If we switch to this perspective you will find that a lot of the issues we currently see on the web would be solved quite naturally. We would not need destination-based business models (with complementary user-lock-in and walled gardens). It would solve the biggest web 2.0 tragedy as service providers would have to compete on user value, instead on network value. And privacy, or the lack of control, of it, would be solved automatically, as the user decides what to do himself. that doesn’t imply that everything will be locked down. It just implies the user explicitly can decide what to do, including the option to share everything.

The problem with this concept is that it takes plumbers to realize it. You need development effort to focus on the core aspects of the way the web works. It isn’t about creating a new Facebook or Twitter. There is no glorious, unique business model available to make this happen. It really isn’t even about technology. we already have the technological capability to make it happen. The real issue is revenue. Unless we figure out a way to generate revenue  in this User-Centric web, we won’t see it happen easily. There are movements working on this.  OpenID is a great example. But we will need commercial companies to embrace this concept and bring it to life. Unless there is a revenue generating perspective they simply will not do this.

The exception is obviously Google. Google is not only the largest revenue generating machine on the web, they are by far the biggest plumber too. Their recently announced Google Wave is a typical example of this. They have just provided us the mean to re-invent the way online communication works. This is going to have a huge impact on existing communication and social networking services if adopted. Google wave to me is one of the first initiatives that will allow us to develop User-Centric services.

Maybe we should simply revert to a very old business model, even older than the current web 1.0 models we upgraded to web 2.0. Maybe we should ask users to pay for the value they receive?

The fundamental problem of ‘owning’ user data

Who is on control now?

I do not often agree with Facebook, but I do agree with their decision to make privacy settings of their users more important than opening up the vast amount of data they track to 3rd party developers. Marshall Kirkpatrick writes about that decision and points out that Facebook isn’t opening up everything:

Facebook holds a mind-blowing amount of conversational data. The company is analyzing it extensively and it has an omniscient view of conversations across all the networks of friends and privacy restrictions. It uses that aggregate data analysis to make business decisions and to sell advertisements. The rest of us are only allowed to give Facebook more data and to get back a sliver per user that will facilitate more user-level participation in amassing more data at Facebook.

He continues and decides that the value of the data is too big to be held by one company alone:

The data that Facebook controls, conversations and social connections, could be used for analysis of real-time social patterns which could lead to world-shaking new insights. Do we get access to that data? No.

Why not? We don’t get that access because Facebook was built on a fundamental promise of privacy and a complex system of privacy controls. Privacy is good, it’s very good. But, the census gathers and exposes personal data without violating privacy. Lots of systems do.

[stuff deleted...]

The data the network controls is just too valuable to keep locked up for only the company’s own analysis.

Marshall asks an interesting question and provides a provocative answer for it. Is the ability to innovate with user data fundamentally more important than the right of a user to keep his data (interactions)  private?

It is tempting to answer this question with a ‘yes’. Many web advocates will explain that by giving up privacy they get value. That the free flow of data has lead to new interaction possibilities that were impossible before (web 2.0). We’ve made our progress because everything is set free. Data that is free can be mashed up and provide new value, unprecedented.

While we all benefit from these effects, we should not lightly dismiss this as a simple case of ‘collateral damage’. Marshall touches a fundamental dilemma. What is more important, the rights of the mass, or the rights of the individual. In the western world we tend to assume an inverse relationship between individual rights and social control. More social control leads to less individual rights and vice versa. Marshall suggests that individual rights may be less important than the ‘greater cause’ of being able to provide more value to users if data is freely accessible. The obvious question to ask when resented with this view is “where do you set the boundary?”  In other words, what violation of individual rights is still acceptable for the greater cause of innovation?

But to me, there is a more fundamental flaw underneath. Individuals do not really have the means to protect their rights in the first place. Even with every privacy setting Facebook offers a user, there isn’t a single setting that protects the user’s rights from Facebook itself! There is only one way a user can be in control of his own rights. The user can decide not to participate. The web gave us value, and in return it forced us to give up our most important right. The right of the individual. Everything is free and accessible for all. But in return we have to accept that there is no way for us to control what these companies know or do with the data they collect. No matter how honorable Facebook is, they have a disproportional power that allows them to crush individual user rights. Currently, 3rd party developers complain they can’t store Facebook data because of privacy settings, but Facebook itself doesn’t have that limitation. Teh user doens’t own his data, Facebook does.

I realise that these views aren’t popular. That many already (un-)consciously made the decision to participate. We are accepting a world in which the balance is in favor of the companies that develop services. That it is ok that I have to accept a Privacy Policy and Terms of Use of a company, but that that same company doesn’t commit itself to my individual rights. I do not mind data being set free, but I do mind that I do not really have the means to decide for myself what the tradeoff is. It’s all or nothing. Join the party or stay home. And while we might see the benefit of more value now, this is a decision that can’t be undone easily.

Don’t get me wrong. I totally agree with Marshall that the innovation over user data can lead to incredible value. I’m fine with sharing my data in order to have access to that value. What bugs me is that I do not have control over that decision or that balance. We are scared to give that fundamental right back to the individual. It might break all web business models. But I am an optimist. I think we would be surprised to see how many people would be quite willing to share data in return for value. The difference is that in this new situation they would be able to make a conscious decision. The user would be in control. He would join a service like Facebook and consciously deciding the best trade off between sharing information and obtaining value from the service. And that conscious act would provide us all more value than the current situation in which we are  hijacked.

The only way this can be solved is by putting the user in control. Turn the entire model inside out Privacy/accessibility settings should not be set per service, but set by the user. The user shouldn’t have a fragmented profile across every service, but instead have one profile that can connect to any service. He should not have to find friends across many services, but have his friends within his profile, accessible to him across any service he wishes to use. The user can be in control of what his profile would look like per service, who his friends are, what data he is willing to share. The user should own his data. If that would be the case then we would have balance between user and service provider. If the user has control over the decision to share, then there can be a much more effective exchange of data for value. A service provider wanting access to some of that data will have to agree to the individual’s privacy policy and terms of use. We would not need a new developer’s APIs for every service, but we would need one standard API that allows users to connect to services.  In many ways, putting the user in control would simplify technology and our ability to mash up data in order to create new value. It enforces a more natural cooperation between service provider and user.

The real innovation of the web would be to restore balance and put the individual user in control again.

Questions

Networks and destinations

1. If everything becomes open and connected, what will happen to the big destinations?

2. Why is the web rapidly evolving into uncountable databases with connections, instead of one database where everything connects?

3. If all services and destinations become open, then what is the point in being a destination site in the first place?

4. Why are we creating webs within webs, instead of one network that connects it all?

Personality and identity

5. Why am I forced to be fragmented across the web, instead of having one presence that can connect anywhere?

6. Why do I need to get my friends to use the social services I’m on, instead of having my friends with me no matter what service I use?

7. What is or defines my online identity? Am I my profile, my interactions, my data?

8. What defines my presence on the web? Is it the fact that I can be found, or that I can interact anywhere?

Data

9. Why is ‘having data about me’ more important than ‘serving me the right data’?

10. Why is real-time data more important than serving the right data at the right time?

11. Can data lead to demand, or does it only take care of supply?

12. Why does a company have control over all data, instead of letting the user be in control of his own data?

Privacy

13. Why does every service need a TOS and a Privacy Policy, but at the same time the users that are exploited don’t have a TOS or personal Privacy Policy?

14. Why does every service have to implement privacy controls for the user, while we could implement 1 set of privacy controls that the user can control across all services?

Business models

15. Why is the economic model on the web broken for most companies?

16. Why do most companies work with advertisement models while clearly few manage to be  sustainably profitable?

17. When does the network effect diminish in web business models and thinking?

Behavior

18. Why can we now publicly rant about anything or anyone, without really being held accountable for our actions?

19. Why do we expect everything to be free, and then have high demands and complain about service?

20. Why would we want to have thousands of friends and interact everywhere?

21. Will we continue to increase interaction or are we reaching saturation?

22. Why do we spend more and more time online while real life passes by so quickly?

Just a few questions that I have. How about you? Do you have any?

Anyone have some answers?

The Facebook business model is the root cause of a lack of transparency

Mark Zuckerberg just announced that Facebook will revert back to the old terms of service as too many people complained about the new ones. I think it is a honorable that Facebook is retracting a pretty bad plan. It is also good to see that they are now engaging with their community about where to take this. In the post Mark states:

Going forward, we’ve decided to take a new approach towards developing our terms. We concluded that returning to our previous terms was the right thing for now. As I said yesterday, we think that a lot of the language in our terms is overly formal and protective so we don’t plan to leave it there for long.

More than 175 million people use Facebook. If it were a country, it would be the sixth most populated country in the world. Our terms aren’t just a document that protect our rights; it’s the governing document for how the service is used by everyone across the world. Given its importance, we need to make sure the terms reflect the principles and values of the people using the service.

Our next version will be a substantial revision from where we are now. It will reflect the principles I described yesterday around how people share and control their information, and it will be written clearly in language everyone can understand. Since this will be the governing document that we’ll all live by, Facebook users will have a lot of input in crafting these terms.

It’s a difficult thing to get right. Facebook has obligations to shareholders, advertisers, business partners, 3rd party application developers, the employees of the company, and yes, the user too. What makes the task even more daunting is that the Facebook business model (free, advertised based) forces them to leverage the size of the network, instead of monetizing on individual user value. It puts them in a balancing act where the advertisement capabilities need to outweigh the individual user rights in order to keep a decent revenue stream. In other words, the more freedom Faceook has to use the data coming from user profiles and interactions, the more capabilities they have to create revenues.

Why do people sign up for Facebook? I suspect in most cases to have a good time and connect with friends. They do not want or need advertisement. It’s a distraction from the core value they wish to receive from Facebook. At the same time, you can’t provide 175M people a free service without some way of creating revenues (although it remains to be seen if advertisement is going to create enough revenues). The problem is that most people are not aware of this and Facebook is not providing the transparency to make sure people are taking a conscious decision when they sign up for the service.

If anything, it is this lack of transparency that should be solved first. The TOS is only one aspect of that. When you sign up for Facebook it should be clear how the service is making money. It should be clear that when you start adding friends, interact, upload content, etc. that all these actions are monitored and stored. It should be clear that even when you are setting privacy controls to a high level it only affects other users, but that it doesn’t protect you or your interactions from Facebook. It should also be clear what Facebook does with 3rd party developers, advertisers and other companies that use the Facebook ecology to create businesses or revenues themselves. And when all of that is clear, then a user can take a conscious decision whether all of that is ok or not.

That is the dillema Mark faces. How are you going to educate 175M people about your business model and all its effects? A User-Centric or User Driven business model would force you to do the right thing for the user, and as a result of this you create revenues. Facebook is forced to do the right thing for the company in order to protect its revenue streams. And that is a big difference.

Mark Zuckerberg is answering the wrong question, and we fell for it again

There has been quite a bit of uproar about Facebook changing their Terms of Service. Unfortunately, no one is asking the right question, thus letting Mark get away with answering the wrong one. The section that created this uproar reads:

You hereby grant Facebook an irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license (with the right to sublicense) to (a) use, copy, publish, stream, store, retain, publicly perform or display, transmit, scan, reformat, modify, edit, frame, translate, excerpt, adapt, create derivative works and distribute (through multiple tiers), any User Content you (i) Post on or in connection with the Facebook Service or the promotion thereof subject only to your privacy settings or (ii) enable a user to Post, including by offering a Share Link on your website and (b) to use your name, likeness and image for any purpose, including commercial or advertising, each of (a) and (b) on or in connection with the Facebook Service or the promotion thereof. You represent and warrant that you have all rights and permissions to grant the foregoing licenses.

In other word. Anything you publish on Facebook can be used by Facebook. TechMeme sees a large number of replies to this change and this forces Mark Zuckerberg to write a post explaining Facebook’s motives. He writes:

Our philosophy is that people own their information and control who they share it with. When a person shares information on Facebook, they first need to grant Facebook a license to use that information so that we can show it to the other people they’ve asked us to share it with. Without this license, we couldn’t help people share that information.

[stuff deleted...]

Still, the interesting thing about this change in our terms is that it highlights the importance of these issues and their complexity. People want full ownership and control of their information so they can turn off access to it at any time. At the same time, people also want to be able to bring the information others have shared with them—like email addresses, phone numbers, photos and so on—to other services and grant those services access to those people’s information. These two positions are at odds with each other. There is no system today that enables me to share my email address with you and then simultaneously lets me control who you share it with and also lets you control what services you share it with.

Mark tries to explain the complexity that arises when users start sharing information. He explains that this TOS change is needed to allow users to have access to shared information , even when the original sender/sharer has deleted his or her account. In other words, if I share a photo with you, and I decide to delete my account, should you then not have access to that photo anymore?

While Mark does a good job explaining this process and it’s complexities I cannot help but feel that the blogging community has let Mark get away with answering the wrong question. He has done a perfect job in avoiding a much more important privacy issue than the issue that arises when two people share information via Facebook.

The questions Mark should have answered are the following:

What exactly does Facebook do with all the user data has been collected on Facebook, and how exactly does it monetize that, even after a user has deleted his or her account?

I could care less about the information I share with others via Facebook. That sharing process is a conscious act. I know that if I share that whatever gets shared is out of my control.  What I do not know is what Facebook does with that information. Why do they tap into all of my interactions and my data? What do they store, and how do they monetize that exactly? If I set my privacy settings as strict as possible do they still see everything? How is that data being used outside of Facebook? Do 3rd parties get access to that information as well, even if I do not want them too?

The problem at hand isn’t users sharing things on Facebook. It isn’t even controlling privacy on Facebook. The problem is that I do not have a clue or option to protect myself from Facebook. Any service that monetizes user data and interactions indirectly using a free but advertisement business model puts the value of the network in front of the value of the individual user. You get a free service, but you do not know exactly what you are giving up for that. And that is what Mark should be explaining. The rest is just a decoy so that the really difficult questions do not need to be answered.

I might not even mind that Facebook monetizes my user data, my friends, and my interactions. But right now, I don’t know how Facebook uses that data.We might think that our online lives are not connected to our real lives. We might even think that privacy is dead. But the problem is not that privacy is dead, but that it is distributed unevenly. In other words, the user is forced into total transparency when signing up for services like Facebook. But the service itself lacks transparency. There is no way we are going to find out what Facebook does with us. And it is this unbalanced relationship that we should be worried about. Mark Zukcerberg does a great job answering the wrong question, and we all fell for it again.

Privacy is not dead, it is distributed unevenly

A famous oneliner from the CEO of Sun, Scott McNealy, in 2001 was “Privacy is dead, get over it”. It sounds true. This generation is growing up with Google, social networking, and having all relevant data on the web. We exchange private details of our live in order to receive service and value. We willingly share personal information in order to connect and interact with friends on the web. We are used to services exploiting our user data and don’t mind getting advertisement served in return.

The early adopter crowd jumps on every new social service inviting the rest to join in as well. In a Friendfeed discussion recently, Robert Scoble called privacy dead too. I responded by saying that that’s a stupid thing to say. Robert then explained what he meant. He exchanges privacy for service and gets value. I think that is a perfectly legitimate way of controlling privacy on the web.

Unfortunately, most do not understand the dangers of publishing or sharing personal information on the web. Nor do they know how to control this trade off Robert talks about. Privacy is currently diminished to privacy settings of Facebook. Not only are users not even aware of the availability of these settings, but they fail to realize that these settings do not protect them from Facebook. People don’t realize when they enter a zip code to find a restaurant, or look at the weather, they are giving away crucial information that can be used to determine an identity. Zip code, gender and birth date are often enough to figure out someones identity.
Most people are not aware that their Internet Service Provider has access to everything you do on the web. They know exactly which sites you visit and when. Your e-mail is available to your e-mail provider, unless you use encryption. Even openly deployed schemes, such as having to hand over private and personal information about yourself when signing up for a service like Facebook doesn’t make users worried.

Let’s look at 5 reasons why the sound byte “Privacy is dead, get over it” shouldn’t be taken for granted:

1. Financial theft
The most obvious problem related to a lack of privacy is theft. Credit card theft is big business. Spyware, malware, unprotected transactions on the web, phishing sites where you think you are signing up for a trusted serves that asks for a credit card nr, the possibilities are endless. It is relatively easy to get access to long lists of stolen credit card details. And once your credit card details are known it opens the door for fraudulent financial transactions. It sometimes takes months to figure this out yourself. I bet that everyone that reads my post knows a person that has been a victim of credit card fraud. It is a widespread thread.

2. Identity theft
Identity theft has become relatively simple on the web. We leave many traces of ourselves and our personal information behind on the web. Each piece of information in itself might not be harmful, but we tend to forget how easy it is to collect a much larger collection of personal information using Google, or for example a more personalized people search engine. For identity theft we really only need a few pieces of information. Birth date, gender, zip code. With any luck you can find out where a person lives, which college he went to, who he is married to etc.etc. The possibilities are endless. Chances are a person has published his mail somewhere on the web. Combining relevant personal information from that person his e-mail account can be hacked. And that same e-mail account is likely to be used for bank services. From identity theft we get back to financial theft and more.

3. Reputation
Our reputation in the old days was contained within the social relationships we were involved with. These relationships were naturally confined to locations, time and people we knew. On the web this has changed dramatically. Now everybody has access to personal information of anyone online. You do not have to meet someone to find out about him. Use Google or any other search engine to find out information about a person. You may argue that since you have nothing to hide there can be no harm done. But what if an insurance company sees that you love to skydive, or a photo of you smoking at a party? What if a company that you contacted for a job sees your old college photos where you and your friends were just having a good time? Or they see you having an online quibble with a friend and wonder about your ability to handle conflicts? Or notices that a blog post you wrote gets negative comments from (anonymous) readers? What if a bank investigates you on the web when you apply for a loan, only to find out that you haven’t been working at a job for more than 6 months in a row? Each of the pieces of information are totally harmless when places in one context, but are quite damaging to your reputation in another. Your reputation is now publicly searchable and without the context of a social environment you are acting in, this can lead to harmful situations.

4. Gossip
This is probably an unexpected danger when we build up an online profile. We are much more vulnerable to rumors and gossip. Where this used to remain within the social borders you moved in, they can now reach the entire online world. Anyone that wants to do you harm has a platform to (anonymously) start gossip and rumors about you. As your online reputation gets harmed you will find that it is extremely difficult to protect yourself from this.

5. Databases never forget
When we go online we leave traces everywhere. The site we visit, the things we search, the people we interact with, the transactions we perform. Everything is stored in databases. Often the information stored contains errors. There is no way for us to control what is being stored about us. But once stored, that information doesn’t disappear. And in most cases it doesn’t harm us. A friend of mine once was denied a loan because investigation showed that he was a bad debtor. It took him weeks to figure out that he once forgot too pay a bill of $10 for goods he bought online. He corrected his mistake, but nevertheless, the store had reported his behavior and it was stored away in a database that gets accessed when you apply for a loan. An example of how a small mistake can lead to considerable damage.

There are many more examples thinkable in which the public accessibility of personal information can lead to harm. We are so used to publicizing and sharing personal information that we simply can’t imagine the potential harm it can do us. Just because everyone shares personal information as if it has no value doesn’t mean we should accept that. Just because we all use Google and social networks doesn’t mean we should also accept that privacy is dead. Just because social networks let you sign up for free and encourage you to connect to as many people as possible doesn’t mean you shouldn’t be aware of the possible consequences.

I feel that one of he most dangerous aspects of the “Privacy is dead, get over it” sound byte is the unequal relationship between those that have power over those that do not. A government, take the United States as an example, demands full transparency and doesn’t accept privacy as a constitutional right. But these same rules do not apply to the government itself. It doesn’t provide us transparency. We do not know what the government is doing with our personal information. There is no way for us to gain insight.

The same thing holds for services on the web. In order to join a service we have to disclose personal details. Yet we are not allowed to see or know what that web service is actually doing with our personal data. We disclose personal information to receive value. But we do not have a clue what we are giving away and how it will be used at some point.

This is the fundamental flaw in privacy on the web. It isn’t dead, it is unevenly distributed. The powerful enforce full disclosure without disclosing anything themselves. And as long as this inequality exists we shouldn’t accept the mantra that “privacy is dead” but instead actively work on solutions to help users control their own privacy.

It is naive to think our online lives are not connected to real-life

There seems to be a strange disconnect between our online and offline lives. Different rules, norms and values seem to apply. It is as if our online personality is not connected to our real life. We act differently and feel a sense of freedom online that seems to compensate for the restrains we might feel in real life. We are all actors in this massive online play and it allows us to do things we wouldn’t consider doing in real life.

Examples?

We wouldn’t allow anyone, not even the landlord you rent a house from, to put web cams in our houses and record every conversation inside the house “to make our experience better”. Yet we throw our privacy principles over board when we get online and join sites like Facebook or MySpace.

We wouldn’t show a stranger arriving at our doorstep our family photo album. Yet we publish and annotate these same photos online so that the whole world can view them.

We protect our children against danger in the real world. We supervise their first steps into the world.  We don’t let them talk or walk with strangers. We don’t let them bully others. Yet we let them get online unsupervised and unprotected, explore the web and social networking.

We do not divulge private matters concerning illness, lost jobs, winning the lottery, fights, love, etc. to strangers we bump into on the street, yet we disclose all of this online in social networks where half of the time we don’t even know who is listening in.

We wouldn’t tell complete strangers where exactly we live, when we are going on holiday or business trips (what if they rob us), yet you can find all of that information, and more, online.

In real life we have opinions, but we do not disclose these opinions everywhere. We might even be inhibited to do so as it might turn on you at some point in time.  Online we join every conversation and start opinionating immediately. And we forget it gets recorded and will never disappear again.

The people we call friends in the real world is limited. A friend is something different from an aqcuaintance. Online we have thousands of friends. You may argue these are not your real friends, but why then do we disclose so much about ourselves to these ‘friends’? Why do we spend so much time engaging with people we really don’t know?

We do not tell anyone about our bank accounts, our passport numbers, social security numbers or birth dates unless there is a real need to do so. Yet online we sign up for any service that pops up and disclose happily our e-mail addresses, passwords, birth dates etc. In most cases these turn out to be the exact same pieces of information we use for online banking and financial transactions. Every once in a while we get scared of phishing, but soon enough we forget about it again.

We don’t trust new insurance, banking, or telephone companies that tell us we can use a service for free if we allow them access to our private information, and listen in on our conversations.  Yet online we let social networks have access not only to our own profiles, our annotated baby pictures, our families and friends, but also to our interactions with all of them.  We allow all of that private data to be exploited commercially.

We protect our privacy and family in real life, yet we let social networks protect our privacy online? Who protects us then from them?

I could probably extend this list further and think of more disconnects between real life and online behavior. But the real question is, do we care enough about it to actually deal with it? The ability to connect and interact with anyone online has brought us a lot of freedom. It has many positive aspects to it. It has freed us from many real-life constraints. If you can afford to be part of this online experience you will find that it tends to level things. Everyone can be a pop star.

But I would like to urge you to think about this for a minute. As real-life and online behavior become more and more connected, entangled, you will find that it is less easy to separate them. Online and offline become the same life. While we see our online behavior as play now I doubt it will still be play in a few years. And yet we act as if these worlds are not connected. We disclose almost anything about ourselves online and do not think or understand the possible consequences in real-life. With viruses spreading across the world and a network of computers that spans the entire planet harm can be done in a split second. Where wars are still fought on the ground, they will also move into cyberspace. Where commercial exploitation of your private data now leads to display ads you can safely ignore, it might lead to less harmless forms of commercial activity in the future. Where your next job interview might now depend on your previously achieved results. In the near future it will depend on what a Google search result will reveal about you.

Am I being too negative about this? Maybe, considering current behavior in social media my views aren’t exactly popular. But I also firmly believe that we are formed and shaped by our own actions. My advice would be that you start acting online like you would do in real-life. Thinking these worlds are disconnected is naive.

Our need for interaction locks us up

MySpace has over 200 Mln registered users. Facebook follows fast with 140Mln registered users, and they are adding an astonishing 600.ooo new users every day. A rough estimate suggests that more than half a Billion people are registered in social networks worldwide. That is half of the entire Internet population. Clearly there is a need to be participating in social networks. The need is interaction.

While social networks undoubtedly have brought us many great things I find that the current setup is undesirable. Techies might consider Facebook and MySpace web 2.0, but their strategy is very much 1.0. They are silo’s. You are either in, or out. Or as Doc Searl puts it, Facebook is the Borg. Once in, it is hard to get out. You should realise that it isn’t Mark Zuckerberg or a talented developer providing you cool features that keeps you locked inside a social network. It is their choice of business model. MySpace and Facebook have only one mission, and that is to become the single silo everyone uses as their communication platform on the web. It allows them to execute their free, advertisement based business model. In this business model the network is more important than the user. In other words, the business model becomes more effective when the number of users increase. This is not to be mistaken from the network effect Tim O’Reilly often speaks about in referral to web 2.0 services. Web 2.0 services improve as more people join, in other words, the quality of the service improve as more people use it. In the case of the free advertisement based business model the revenue stream increases when more users are joining, but the overall value provided to the individual user is not 1-1 related to the number of users.

For that reason social networks make it super simple for you to add new friends. At the same time it is nearly impossible to leave the network, taking your data with you. And it is a service violation to export your Facebook contacts to another service. Getting in is easy, leaving is out of the question.

In order to keep the silo the most important platform, new services are added all the time. Facebook is not just a social network anymore, it is a platform of services. It provides users so much functionality that there seems to be no reason leaving it once you are in. A whole generation is now growing up thinking that Facebook is the Internet. And while Facebook and other social networks continue to add new services making this sound very reasonable I see a few reasons why this is undesirable:

1. There should not be a single company having so much power over our web experience. Especially if such a company leverages our (private) data in their business model. Diversification is good, building one platform and closing everyone into that platform sounds more like an old fashioned communist-like scheme to me
2. Privacy needs to be controlled by the user, it should never be controlled by the company that exploits all data and interactions of that very user
3. People are largely ignorant about possible dangers of the information they are sharing through social networks
4. The business model involved is mostly destructive as hardly any value is created. Facebook has a gazillion pageviews every day. While we are interacting with our friends, they display advertisement to us, thus trespassing through our relationships. The advertisement is largely ignored by all of us. No value creation there. And the sucker that ends up paying for this “value”? The advertiser, unaware of the bottomless hole he is throwing his money into.

Social networks are there for our desire to interact. But that interaction comes at a cost, we lose our privacy and diversity. While that might not sound like a big deal now I believe that in the end this will not be beneficial and even dangerous for us. The nearly unlimited growth of social networks will stop at some point. As we are all on MySpace or Facebook, it will become less valuable and cool to be part of it. Human nature simply doesn’t like captivity.

5 dangers of social media

Few people seem to realize or care about the dangers social media brings to our lives. Our online habits are changing rapidly from a closed, private behavior towards an open and sharing culture. While this brings us lots of good, it seems to me we are still very naive about its possible dangers.

Let me provide you five dangers that arise due to our changed online behavior. These dangers should make us realize that when (not if) we move into an era where data becomes currency, we will need to develop better privacy and security measures to go along with that. There are many more dangers that can be thought of, but I’ve just picked 5.

1. Identity theft

Stealing another person’s identity is easier than you think. We are not aware of the information we share on the web. And we often do not realize that Google never forgets. We can find names, birth dates, family members, school and work history, and much more on anyone. We can find e-mail addresses, credit card information, and from there we can get access to bank accounts and identity information. Honestly, it doesn’t take a genius to steal a person’s identity online. Right now this often has financial repercussions (people buy stuff on your credit card), but the consequences may be more severe. When important aspects of our lives are moved online identity theft can do us more harm. Think about someone committing crimes in your name. And it can be done so easily. All you need to do is sign up for a new cool web 2.0 social networking thingy. This is a harmless example, but you can imagine what can be done.

2. Everything known about you can and will be used against you

Remember that college party where you had a great time and posted a few pictures of you and your friends on the web? Remember that post you wrote where you talked about your political views, your religion, sexual preference, or point of view on various issues?  Remember that you friended a person that turns out to be a criminal? Or it happens to be someone that is a bit more explicit, has really different political views than yourself. Often we are not aware what others can find about us. Part of the problem is that we have almost no control over the data that is stored on the web about us. But once it is out there it can and will be used in ways you hadn’t thought about before. How about a status update on Twitter or other social network. “I’m off to the web 2.0 Summit in San Francisco’. Harmless right? Not if you realise how easy it is to figure out the address you live at and then empty your house while you are away in San Francisco.

3. Everything is traced to you as a person

If there is one difference between the online and physical world is that data online can be traced to individuals more easily than in the physical world. We are often not aware how much information we give away that can be directly related to us. Social networks have millions of of profiled users in their database. Google has Google accounts. Every time we log into such profiles the data that is collected is directly related to our identity. It isn’t anonymous, it is traceable to ourselves. And that data is used, often for commercial purposes, but sometimes for evil purposes. It may take new laws, new governments, a change in a management team, or a war that can get the wrong people have access to your profile.

4. You have no control over your user data

Web 2.0 services live and thrive by your user data. Facebook exploits your and your friends data and creates revenues from it. Any web 2.0 company that has advertisement as one of its core business model elements will use your data, your interactions, your friends, to create revenues. You get privacy settings that protect you from other users, but who protects you from Facebook itself?

5. Who are you talking to?

Everything becomes social. As a result we can friend thousands of people on the web. In most cases we do not know who that ‘friend’ is. We are not aware that social networking services have a business model in which the network (the no of users connected) is way more important than the individual users. So ‘friending’  is dead simple and encouraged. It seems less important to actually know someone than to ‘friend’ anyone that comes along. Quantity over quality. And while this works out fine in many cases this certainly provides dangers for children, relative less experienced web users, etc. Who are you really talking to?

conclusion

I do not think that sharing, social networking or social media are necessarily bad things. I do mind that current practice ad business models make sharing more important than privacy and security. The current financial flow doesn’t allow us to develop better privacy or security measures as there is no one interested in investing in it. Privacy is losing ground to social media while they should be developed hand in hand. I often hear the argument “I have nothing to hide, so what is the fuzz about”. I find that a naive view on this subject. This shift in behavior caused by social media services with data becoming the most important currency is a development  that is unstoppable, and it calls for immediate action.

The unexpected dangers of Social Media

Yesterday I was going through some of my feeds when I saw something that made me stop and think for a while. It was an automatic update of Robert Scoble to Friendfeed. Robert turns out to be a Dopplr user and has set up his profile to feed automatically into Friendfeed. On Friendfeed we could read that Robert was returning to Half Moon Bay today.

Dopplr is a social networking service that lets you enter in your traveling schedule and share it privately with friends and colleagues. It then comes with all kinds of social functionalities that allow you, for example, to see if any of the people you know happens to be somewhere at the same time you are.

I’ve looked at Dopplr at an earlier stage but decided it wasn’t for me. But the way Robert used that service made me go back to his personal profile to see what Dopplr does. And it turns out there are (obviously) a lot of details available about his personal traveling schedule.

I feel that this is an example of social media use where having the ability to share anything with anyone reaches a privacy boundary we might not want to cross. There is nothing wrong with the Dopplr service itself (or with Robert for that matter). But when a service that advocates private sharing of personal information provides the user with the ability to share publicly things might get a little tricky. Especially if you are a naive user (Robert isn’t).

The power of social media lies in the ability for users to interact everywhere, any time and over any content thinkable. The tech  community has embraced this ability and shares anything with anyone. Life streaming is the new magic word. Personally I find this concept highly overrated. Let’s face it, a lot of our daily activities aren’t interesting enough to share with the whole world. Our lives or the things we do aren’t the same as lives of famous pop stars. It’s weird to see pop stars wishing that they’d be left alone for a while when they get harassed by press and fans. At the same time the infamous (that would be us) try to get the rest of the world to observe them as if they were pop stars by providing a life stream of things that happen. Sorry guys, we aren’t that interesting and I doubt people will lose a night of sleep over my published life stream (yawn). The real underlying problem with life streams is that the things that get shared are useless as there isn’t intent in sharing. The technology allows us to share anything we want, so we do exactly that. Burying the possibly interesting stuff under a thick blanket of total waist. But I digress.

Having a life stream, connecting your daily steps to the outside world has many advantages. But there are also disadvantages that most are not aware of. I feel that the early adopter community isn’t discussing or exploring the privacy aspects enough. We tend to look at the technical side of things (wow, cool technology), or the functional side (hey, I can now share my traveling plans). But we don’t discuss privacy. Privacy is obviously a painful and difficult subject in relationship to social media. It’s something we leave to the service owner to protect. That is not only naive but completely useless. You can have the best privacy controls implemented in a service like Facebook, but who is protecting me from Facebook? Privacy must be the responsibility of the user. But the sad thing about it is that privacy is held in a death grip by social media, and it’s slowly choking and turning blue.

A Dopplr feed being publicly shared is a good example of this. The advantage of Robert publishing his traveling schedule is that he might be able to hook up with friends during his traveling. But it makes him vulnerable in a perhaps unexpected way. I told him on Friendfeed that if I were a thief, his traveling schedule would provide me with excellent information on his whereabouts. I’d know when he would be home and when not. And I sure would know his house is filled with all kinds of expensive technology (his life stream tells me that). It reminded me of a story on the news a few weeks ago. It turns out that car thieves in the Netherlands had found a very lucrative thieving method. They would go to the long parking area of our national airport and steal expensive cars with integrated car navigation systems. Then they would choose the “home” address on the navigation system and drive to the house of the unaware owners that were obviously on vacation. As a result, not only their expensive car was stolen, but their house was conveniently emptied too.

The information about being home or not is obviously just one example that can have a very unexpected result. We share much more then that. We talk openly about the things we like or not. We talk about people we do or do not like. We are often unaware how much information about ourselves and our thoughts we are sharing publicly. Thirty years ago we would probably need a private detective to find out stuff about other people. Now all we need is to be able to operate Google.

I don’t think sharing information is a bad thing. I do think that current web practices makes people very vulnerable, especially if they do not understand the consequences of their actions, or worse, leave their privacy to be protected by Facebook and the likes. It’s why privacy needs to be controlled by the user himself. This is impossible with current services and that is a dangerous trend. Social media can be more dangerous than you expect.

Do we really need privacy controls in Social Media?

A small discussion yesterday on Friendfeed after I posted a video that puts up a big warning about the way Facebook deals with your privacy. I do not know if any of the claims in that video are correct. Jason Kaneshiro pointed me to an article posted earlier that mentions some of the same assumptions here.

Privacy and Social media. An interesting contradiction. Social Media allows us to interact over any content on the web. It’s pubic by nature, people are stimulated to join an open conversation, become public figures. Social media does sometimes provide us “private” back channels (the direct message in Twitter). It is an unstoppable process. Any website, channel or technology is making the move towards the usage of social media. We love to be part of any conversation and by doing that we increase the value of any service for the service provider and ourselves.

And it feels good too. I don’t care a bit about the aggregation capabilities of Friendfeed for example. But I like the ability to join in a conversation about that content that gets aggregated. Same thing goes for Twitter. Tweets essentially broadcast something to anyone that wants to listen, and every once in a while, it leads to responses that make you smile, laugh out loud, sad, surprised. All emotions are addressed in a way.

I think it is a great that social media allow all of these interactions to take place. It makes the online world a more fun and interesting place to hang out. But it gets messy when the objective of the one providing the social media capabilities isn’t to let us interact. It gets messy when the objective is to store and analyze our interactions and relations on the web in order to make money. It gets messy when a privacy policy of the service provider is 10 pages lawyer talk that no one bothers to read. It gets messy when users are naive enough to think that this isn’t happening at the service they use. That is the point where privacy all of a sudden becomes important in social media.

The sad thing about this is that Social Media and privacy are holding each other in a death grip. But privacy is slowly choking and turning blue. Social Media can’t really exist unless it facilitates public interaction. But underneath lies the trouble. I can’t think of a single web company that isn’t using the free ad based business model to exploit social media. And it is this business model that really fights the battle with privacy. And unfortunately it is winning, big time.

The generation that grew up without social media still has a grasp of what privacy means on the web. The generation that lives with social media now is already losing sight on the concept. And that i a real threat in my opinion. Privacy control is as important as controlling your own finances. It is not something to think lightly about. That doesn’t mean that there should not be any public interaction through social media! But it’s crucial that the participants can decide for themselves which aspects of their online lives an interactions are accessible and reusable by others, and which aren’t.

The only way Social Media and privacy could co-exist, because that’s what is needed, is to make the user himself responsible for his privacy control. These controls can’t be implemented within the social media. They need to be implemented within the on-line presence of the user!

To explain this consider the following (its’s from that Friendfeed discussion I mentioned earlier). Facebook allows you to set all kinds of privacy controls. Within Facebook you can decide what your friends can and can;t see, and up to a certain level you get to control 3rd party access to your profile. But there is one control missing. It is the ” Facebook, stay away from my profile”  control. Facebook helps you to protect yoursef from anyone except Facebook.

Privacy is something the user needs to be in charge of. Who are you to think that you can do this for me? To implement this one could think of a highly localized version. Every user has his own privacy controls on his computer. But a much better solution would be to use the banking model. Create large privacy faults on the web where users can store their interactions and controls. Interacting using social media then simply passes by the controls we have within those vaults. Some will provide full access, some will put constraints on them. And the banker that provides this privacy service only has one business model, that is to protect the user’s privacy. And just like with banking, we want to have choice, privacy banks that compete to provide us the best, simple, easy to use, cheap, customer-centric service possible. A service that can connect with all social media and allows instant, fin-grain controls accessible to the user.

A simple idea, but almost impossible to implement due to the mainstream free ad based business model. Do we really need privacy controls in Social Media? You bet. We haven’t seen the last of this. As more Beacon-like services appear, feeding upon our personal data I think that privacy will wrestle back. Privacy will become a powerful counter force to the public addiction of this free ad based business model and get balance back into this death grip.

Who are you to think you are responsible for my privacy?

An interesting panel discussion with Google and Facebook opposing each other about data portabilty. Facebook refuses for now to implement Google’s FriendConnect. The reason Facebook won’t, according to spokesmen, lawyers and other executives is that Google violates their terms of use. FriendConnect could violate the user privacy, something very dear to Facebook.

A quote from the article written by Dan Farber:

Facebook’s Dave Morin defined openness as giving people control over the information they share and providing developers with the capability to build on top of the Facebook platform. Social data breaks down into three categories, Morin said: identity data, social graph data, and feeds and social actions. With 80 million users, Facebook has a responsibility to make sure that users understand what and how they are sharing information, he added.

David Recordon has a very nice way of saying that the Facebook approach is bullshit:

“What Facebook is doing (with dynamic privacy) is very laudable–if you choose to share something in one place, it should appear in another. It’s just not clear on how this dynamic privacy will work. If Facebook tries to do it by themselves and not with other people, it will be hard to make it really scale,” said David Recordon of Six Apart, who has been involved in data portability efforts.

While I do understand the need for privacy and protection for users, I also cannot help but feel that Facebook is playing its final cards in an already lost game of Walled Garden poker. Actually Dave Morin says two different and not so complementary things (I am paraphrasing here).

1. We need to protect user privacy
2. We need your data so that we can let 3trd party developers into our walled garden, thus making a whole lot of revenues

I believe that this whole privacy discussion is bullshit. Am I the only one finding it a bit ironic that I have to leave the safety of MY privacy at Facebook or Google to defend. They aren’t there to protect my privacy. They are there to “harm my privacy as little as possible” in order to make a few bucks. And to be honest, I’m fine with that. I understand that allowing such companies to access and work on the data I provide them I get services in return. But they shouldn’t be having this pathetic discussion over my privacy. They are at it because they have interfering business models. So let’s just quit this “laudable” privacy heroics and just talk about the things that are really what it is about.

There is only one person remotely capable of being responsible for my privacy, and that is me. If you seriously want to help me be in control of my privacy, then stop hiding behind your business models and terms of service. Provide me with easy to use privacy controls that do not need 10 pages of judicial language. Tell me exactly which switches I can set to protect my privacy, ad in return you can decide for yourself how much of the service you provide is free for me. I can understand the need to make revenues.

Stop choosing the path of advertisement harassment and 10 page terms of service while at the same time pretending it is for the “protection of the user”. We don’t need protection from either Google or Facebook. We need these giants to take the side of the user instead of the network.

If Facebook would be truly thinking user-centric, they wouldn’t be talking to Google about my privacy. They would be talking to me. They would provide me easy controls and also be very clear about the consequences of using those controls. If I protect all of my privacy then I shouldn’t expect much in terms of free services (as Facebook does need to make a buck). If I relieve my privacy controls and allow specific access to parts of my personal data, I get the service for free. It is simple, honest, and user centric. In that way I’m in control.

So please, stop doing all these “laudable” things. Hand me the controls over my privacy instead. Choose the side of the user once. It will help us all create a user-centric web. And it will stop us using the dreadful free but ads based business model that locks both the investor and the entrepreneur into walled garden thinking and holds us all in a web 2.0 Death Grip. Right now, a Facebook user is like a beautiful bird. The bird is free to fly anywhere it want, as long as it remains in the golden cage Facebook has provided them.

Facebook is fighting a lost cause, they just don’t know it yet

I’m not sure what to think about the different blog posts covering the interview Mark Zuckerberg has given recently. The tech community seems to be giving Mark a pop star status,leading to witch burning scenario’s, well described by Michael Arrington here. I guess techies are just like other people in need of icons.

Mark and his team do need to get credit for the way they have grown Facebook in a few years. Starting from scratch it is now on of the top communication platforms worldwide. There aren’t many examples of entrepreneurs being so successful in such short time. But now that the time has come to leverage that success, in other words, monetize the platform, I’m not much of a fan of Mark or the Facebook platform.

When it comes to monetising Facebook is constantly trying to balance on a thin line between the interests of the user versus the need for Facebook to generate revenue streams. The most obvious example is the release and backlash of their Beacon project. The main reason for their incredible growth but also this balancing act is that Facebook fell for the $16 Bln advertisement trap, just like many other web 2.0 companies did. In an interview with Marshall Kirkpatrick we can clearly see this balancing act. He says:

Zuckerberg told me today that he believes data portability is an important direction the web is moving in, that fundamental openness between sites is inevitable – but that Facebook is focusing on questions of privacy and user control as its contribution to that movement. That may be a fair, if frustrating, position for Facebook to take. It may also leave them on the sidelines of larger conversations.

Let’s translate this. I hear Mark is saying that data portability is great but that user privacy and the control of it comes first. While I couldn’t agree more, I have serious doubts Mark is there to protect the privacy of his users. Launching SocialAds and Beacon proves that Facebook isn’t there to protect privacy. That doesn’t generate revenues. Facebook’s sole purpose is to monetize the social network with advertisement. Which is fine, but hardly the “user” perspective. Facebook logs everything we do on the platform. We do not have the option to turn this data hogging off. It is the price we pay for getting the service for free. So let’s get one thing out of the way, Facebook isn’t there to protect our privacy. It is there to protect the Facebook network so that it can execute it’s business model without leaking value away outside the network. The biggest problem I have with this is that most Facebook users are completely naive to the working of this business model. They do not have a clue that Facebook collects their data, their interactions for monetizing purposes. It is the “below the radar” data hogging that creates the tension with user controlled privacy. Not the openness of the Facebook platform. Facebook is one big walled garden, and Mark isn’t going to open up that garden for data portability. He needs people to remain within that garden to make money. It is as simple as that.

On data portability he says:

“If you export your friends list, does their contact information come with that? What if they change their privacy settings later? Right now if you take an action that gets published to your friends’ news feeds, but then if you change your privacy settings later to be more restrictive – then those events disappear from the news feeds. If that data is published off-site, then there’s no longer any control over the data for users.

While this sounds like a real privacy issue which Facebook solves for its users, it really isn’t. Facebook isn’t actually deleting information or protecting the user when he changes settings. Facebook has your data, always, and never deletes it. The real issue is that the data isn’t owned by the user. He doesn’t have any real controls over it. Sure, he can ask Facebook not to display certain aspects of it in a newsfeed, but the data is still there, owned by Facebook. The Facebook user gets a false illusion of privacy and security, but in fact he doesn’t have the control. Always look who is in control, who owns, and you will know who is controlling privacy.

The answer to this privacy issue is really simple. Let the user own and control his data. Only then privacy responsibility is put where it should be, at the user. That doesn’t mean privacy is secure, users make mistakes or do not take their responsibility. It just means that the responsibilities lies there where it really belongs. I’m not sure if the user is ready for it yet, but it is the right thing to do. Check Dick Hardt’s work on identity 2.0 out. He knows what he is talking about and works on ways to solve this issue.

On Beacon Mark says:

On Beacon, Zuckerberg said: “There were sites that people wanted to share from, like Yelp, where you’re already making public comment. For shopping, maybe in a couple of years people will want to share that.” He said that it “was probably a mistake” to roll out Beacon in the context of user commercial activity. He emphasizes that Beacon is a part of the Facebook Platform more than it is an advertising effort.

I think Marshall gets it right when he says:

Zuckerberg’s assertion that people may be more excited about exposing their shopping activities in a few years may be correct, but it might also be the delusion of a man trying to monetize the tricky market of social networking.

I remember the speech Mark Zuckerberg gave when project Beacon was launched. He wasn’t talking to the users. He wasn’t addressing user issues or user value. He was giving his speech to top executives in the advertisement business. He was explaining to them that the world of advertisement was fundamentally changing due to Facbeook and Beacon. So let’s drop the “users want to share” part of this message and recall that the business model of Facebook isn’t about leveraging user value. It is about leveraging network value. Facebook is getting the Turkey ready for serving, the question is, who is the Turkey?

More on data portability:

I asked Zuckerberg if he was taken to the edge of a cliff and had to implement either OpenID, oAuth or APML immediately – which would he chose? He said he enjoyed the question, that OpenID was the one of the three protocols that had been most discussed internally, but that the bulk of actual developer demand seems to him to be focused on the Facebook Platform.

And finally Mark says:

“We are philosophically aligned [with the data portability movement],” Zuckerberg said. “We are pushing in our own way to make the world a more open place. It’s going to be good when it happens.”

I like the “philosophical alignment” part of it. Yeah we are committed to data portability (on a philosophical kind of way), but for now we will focus on the platform itself. Well, he couldn’t have said it any clearer than this. Facebook is holding on tightly to their walled garden. But it is a fight they will not be able to win. Human nature will not let them,. It is in our nature to look for freedom, not to be bound by some network value leveraging business model.

Big brother is watching me

A lot of different, seemingly unrelated, things are happening right now in the tech world. Looking through different feeds most of the discussions are about:

The mash-up of content seems to be important right now. I see it everywhere. People love the idea of taking different, seemingly unrelated, bits of data to mash it up into something new and unexpected.  The latest example being the Google – Twitter super Tuesday election mashup. My tech friends all talk excitingly about the possibilities of mash ups. I seldom get enthusiastic about these development. Just because it is technically possible to combine data doesn’t mean I have to like it. It takes more than technical miracles to make me start using this stuff, daily, and integrate it into my life.

Thinking about that I realised that in one area I do like mash-ups. I often write blog posts that way. I read a lot of stuff, have all kinds of experiences with family, friends, at work, and after a while a story seems to develop itself until it draws enough attention to be written down. Often triggered by observations from the people I follow on blogs, an observation or analysis can kick start a series of thoughts that lead to a new post. And I’m not talking about the stories on TechMeme, TechCrunch or any of the other major “breaking news” blogs. No, these things happen most of the time on blogs where people actually analyse behavior, and have something to say about that.

Why am I writing all of this down? Well, because a series of unrelated events and stories I have been reading the past days have led me to write down the title of this post “Big brother is watching me”. It started with a post from one of my favorite pattern hounds, Rolf Skyberg (I’m not anywhere near his capabilities to analyse and detect patterns), who talked about an identity theft that happened to him. In a post called “W3Top.org is stealing Twitter updates” Rolf wrote:

Apparently, W3Top.org thinks it’s perfectly appropriate to take my Twitter updates, post them as part of their “100% Free online dating and matchmaking service for singles”, and create a bogus account for me with bogus friends and an even more bogus location.

He goes on and asks himself the following question:

So this leaves us with the question, who really owns my Twitters? I wrote them, posted them to Twitter, and merrily went long my way.

Twitter is quite clear about copyright of twitters in their Terms of Service:

We claim no intellectual property rights over the material you provide to the Twitter service. Your profile and materials uploaded remain yours.

According to the Berne copyright convention, anything privately created is held in copyright by the creator. Brad Templeton explains this here on his page of 10 copyright myths:

For example, in the USA, almost everything created privately and originally after April 1, 1989 is copyrighted and protected whether it has a notice or not.

So we have a copyright violation (I never granted permission for Xasa/Bitacle to republish my works), but we also have something bordering on identity theft.

By republishing my content along with my known username and avatar image, they are implying that I support and endorse their service. This is, by the way exactly what they want people to think.

Because who wants to use a dating service that nobody else actually uses?

I went on and was overwhelmed by the number of “breaking news” posts about the Microsoft bid on Yahoo, the consequences and possible counter-strikes of Google. Ways for Yahoo to get out of a possible deal with Microsoft, US elections with Google and Twitter doing all kinds of data mash ups. Both Google and Yahoo going after Microsoft Outlook with their own upgrades of e-mail packages. Google entering the mobile market in China, and so on and so on.

So the major companies are fighting it out in the open again. A lot of suggestions have been made about the  strategy behind it all. I even made some observations about that myself suggesting that Microsoft and Yahoo could easily build the largest social network ever via integration and innovation of their e-mail services and that even Google might get a bit nervous about that. Robert Scoble seems to think different. He suggests that Google is stirring up the fire to draw attention away from their attempts to jump into the lucrative mobile market.

Then I came across a really good post by Zephoria. In her post called “Just because we can doesn’t mean we should” she talks about the ease at which techies are creating mash-ups without thinking about the possible consequences for the user. She says:

I am worried about the tech industry rhetoric around exposing user data and connections. This is another case of a decision dilemma concerning capability and responsibility. I said this ages ago wrt Facebook’s News Feed, but it is once again relevant with Google’s Social Graph API announcement. In both cases, the sentiment is that this is already public data and the service is only making access easier and more efficient for the end user. I totally get where Mark and Brad are coming at with this. I deeply respect both of them, but I also think that they live in a land of privilege where the consequences that they face when being exposed are relatively minor. In other words, they can eat meals of only chocolate because they aren’t diabetic.

Read her article, it’s well worth your time. The clashes between the big companies is a fight over two things. Data and control. Who has most data and who can control it best. It is what makes Google a fortune, it is what Yahoo wanted to make a fortune out, and it is what Microsoft wants to get his hands on. And if you thought things were all quite with Facebook, it turns out they have added a few new “features” below the radar. One of them is a feature that can suggest friends to you. Facebook can do this because they “own” everything we naive users put into our Facebook accounts. I think it is a pretty meaningless feature. If I needed advice on who should be my friend, I might as well join a dating service.

But it also helps me remind myself that free always comes at a cost. Behind every free service there are hurdles of eager beaver marketeers paying huge amounts of money to collect and mash up your personal data. This giving them the false illusion that if they have access to my personal data in the social networks I participate in, their message will reach me more effectively. Marketeers are idiots of course. They shouldn’t be thinking about that. they should be thinking about providing me value, but that’s another story.

If this era on the web is to be characterised then I would say it is the era where everyone is fighting over data and data control. Big brother is watching me, with the difference that there isn’t one big brother. There are uncountable big brothers, with a few major ones that have their claws into probably 80% of our web experiences. I agree with Zephoria that this is all happening too fast without enough thinking about the consequences for the user. She ends her article with:

Just because people can profile, stereotype, and label people doesn’t mean that they should. Just because people can surveil those around them doesn’t mean that they should. Just because parents can stalk their children doesn’t mean that they should. So why on earth do we believe that just because technology can expose people means that it should?

I don’t think the collecting and mashing up of personal data can be stopped anymore. We have all been drawn into an addiction of “free”services and we are unable to get out of that advertisement trap. Web entrepreneurs can’t think up any new buisness models to compete with the free model. But it might come at great cost. I want the right to own my own data, and I understand that it comes with my own responsibility to control and use that data. I doubt any of the data hoggers is really there to protect my privacy. That is fine really. As long as we all understand the consequences of this, and we all make sure to expose only those parts of ourselves that we feel comfortable with. Remember, big brother is not only watching me, but he is also on to you!

To be free or not to be free, that is the question

This is a post I actually started writing at the end of 2007. But I had a hard time putting the finger on what it was really about. After today’s announcement of Google and Facebook now joining the dataportability.org work group I decided to look at it again to see if I could get my thoughts about the consequences of freedom on paper.

Looking back at 2007 for me the year has brought us expected but almost endless growth in social networks. The two biggest, MySpace and Facebook have reached both incredible amounts of users and traffic. There is obviously a need for users to participate in such networks. With rapid growth always comes pain. In the case of Facebook clearly the introduction of SocialAds and Beacon have become their major hurdle to be taken this year.

But a more subtle revolt is gaining strength by the minute. It comes from web knights fighting for the cause of freedom. People like Doc Searl, Tim O’Reilly, David Recordon, Rolf Skyberg, and Chris Messina are raising their voices to set the user and his data free. These people have been shouting hard enough to make some the companies with the biggest user data bases, Google and Facebook, to finally join an initiative to work on data portability. Marshall Kirkpatrick from readWriteWeb makes an interesting remark about that:

The group is working on a variety of projects to foster an era of Data Portability – where users can take their data from the websites they use to reuse elsewhere and where vendors can leverage safe cross-site data exchange for a whole new level of innovation. Good bye customer lock-in, hello to new privacy challenges. If things go right, today could be a very important day in the history of the internet.

Customer lock-in is exactly where the problem lies. We need freedom for users, not lock-in.

There has been a lot of talk about the current openness of social networks. Most services aren’t really open. The user gets inside but isn’t able to get out or publish his data from that network anywhere else. The web 2.0 free but ad based business model enforces these walls and is a major threat to both user and data freedom. The holy grail of behavioral targeted ads is strong amongst social networks owners and advertisers. But the tension between the advertiser wanting to get his message across and the user who’s privacy is not guaranteed will lead to backlashes as Facebook has been dealing with at the end of 2007. This tension is becoming so strong that even the Federal Trading Commission has felt the time has come to publish privacy guidelines.

While I also have argued that it is time to set the user free, I have been thinking a little bit about the possible consequences of that. Freedom always comes at a cost. That is fine, as long as we understand what that cost might be. Let’s first see what kind of freedom we are talking about. In a previous post I used the concept of a traveler and a gas station to describe the type of web we might be moving into. This concept leads to:

A passport that identifies you at all destinations, a traveling bag where you can keep your personal belongings, money, food, drink, a good map for the area you travel to, a language guide, and easy ways for you to: obtain relevant information/keep track of/meet/interact with friends and strangers.

It is a very basic and simple list of needs. Translate these needs onto the (mobile) web and we can easily come up with services that address these needs. Entrepreneurs need to think more in terms of running a gas station on a freeway waiting for a car to arrive and servicing the traveler, instead of becoming an amusement park owner, letting children drive a Donald duck car, but only if you visit Disneyland.

Perhaps the most obvious thread to this freedom comes from the user himself. Often depicted as lazy and unwilling to do the work needed to be in control of his own privacy, we tend to think that no one is really waiting to be freed. An argument heard often is “People on Facebook don’t care about the walled garden”.

This is probably true in a lot of cases. But I’m betting that the majority of the people on Facebook or Myspace, or any social network is completely unaware of the underlying business model of the service. They haven’t got the faintest idea that Facebook actually uses their data and interactions to draw advertisers to the platform and the user. Is that a bad thing? No harm done right? True, but it isn’t exactly transparent. And the trouble starts most of the times when the user tries to move his data from one network to another. Not only is this almost impossible to do, it also raises questions who really owns the data.

I believe it is a good thing to open up walled gardens, to set data portability standards and allow the user to move his data around in a way he prefers. I also believe that by doing that, service providers will start moving away from the free but ad based business model and start thinking about user value again. It is a knife cutting both ways. Everybody benefits.

Let’s assume that all of this is happening, that the user gets his freedom again. What does that mean for the user itself? H.L. Mencken once said ‘The average man does not want to be free. He simply wants to be safe”. I think that this quote ties in nicely with the earlier observation that Facebook users are mostly ignorant about the Facebook business model. They have a sense of security that their data is safe at Facebook and don’t really think about the consequences of their privacy.

Freedom comes with consequences:

1. You can’t really be free unless others are free as well. If you are able to export your profile, data from one place to another, but your friends can’t or won’t then it won’t do you much good.
2. If you control your data, then you get the responsibility for protecting it to a level that you are comfortable with. No blaming services like Facebook anymore. If things go wrong, then you probably screwed up yourself
3. With this responsibility comes work and effort. As people are inherently lazy and pattern steered beings, changing this pattern will be a major hurdle. If controlling your privacy takes too much effort you won’t do it, with all the consequences being your own responsibility.
4. Just as you have the freedom to chose how to handle your privacy and data, your friends have that right too. It isn’t really up to you to move data you got from a friend to another place. It is your friend who should be deciding about that.

Right now I don’t hear a lot of talk about how these issues are going to be handled when data portability becomes a given. I would have been surprised if it was being discussed as data portability seems to be a tech-created solution to the wrong problem. As I said before:

Unfortunately, we are all fighting the wrong war. It shouldn’t be about who owns the data. Who cares? It should be about providing me the best value. What I simply cannot understand is that service providers don’t realize they can have ALL relevant data directly from me if they provide me value, and if I am willing to trust them. It is all about choosing the wrong business model (data, walled gardens, free but ad-based services) instead of providing the user true value (the best business model you can think of).

Freedom for the user can only be achieved if we implement the right tools for him to protect and benefit from that freedom.  We need:

1. Excellent, easy to understand and use, transparent, privacy and trust controls where the default is always set by the standards of the user. This standard should be implemented across any service the user actually uses. It implies that these measures are user centric, not site-centric!
2. Easy to use exporting and archiving tools. Freedom for me and my data isn’t really true if I can’t move around easily. We need standardization so that exporting social data from one network to another can be done seamless by the user himself. That also includes downloading all my stuff to my own computer, burning them to a CD etc. Ever tried burning your Facebook contact data to a CD?
3. I often see privacy tools implemented in such a way that technically protect my privacy well, but require unwanted amounts of effort to use. I don’t want to be in a continuous dialog with a privacy control system asking me if person x or company y can have a specific piece of information. It will take too much effort of the user and will therefore never work. Instead we need a finite set of default behaviors that are related to the task I’m doing as well as the data that is being used. An obvious example would be that it would be rather odd if Facebook would start asking me about my credit card details when I’m browsing profiles. But when I’m buying a book at Amazon, it is just fine. In the first case I might want to actively make a privacy decision, in the second case probably not.

Data portability is important and it is good to hear that some of the major players are now joining the work group. But I hope they aren’t going to solve a technical problem. What they should be thinking about is how technology can support human needs. If they do that users will be freed, if they don’t then we will be stuck with a technical solution to the wrong problem. To be free, or not to be free, that is the question.

Freedom to the people (part 2)

In a previous post I talked about some major changes I would like to see happening to the current web. The most important aspect of that is to provide the user freedom again. I said:

More than 2006, when Time Magazine unfortunately called YOU the most important person of the year, I think and hope 2008 will be the year where the user gets his long-wanted freedom back. 2008 will be a year in which we will see the first brand/portal/network/social graph/device- agnostic services pop up. What does all of that mean? It means that the portal or network concept we are so used to is slowly replaced by initiatives where the user isn’t locked in, but viewed as a traveler reaching a place where service is required.

To reach freedom for the users we need new business models. No one will freely remove the existing “customer or advertiser lock-in”, walled gardens, locked user data unless there is a new economic engine that can really set the user free. At the same time we might question the user’s comprehension of what it means to be locked in or set free. Millions of people are already locked into walled gardens and exploited for advertisement reasons without really knowing it or even caring about it. The same thing holds for advertisers. They are locked into a promise that a new era in media has arrived and that it will bring endless new possibilities to reach a targeted audience using tools like Beacon and SocialAds on Facebook.

At best an advertiser reaches a semi-targeted and somewhat ignorant audience. But most likely these new ways of reaching targeted sets of people will lead to indifference by the user. A new business model or economic engine isn’t enough, we also need to show the user that being free has advantages over being locked in. We need to show the advertiser that advertisement only makes sense if the advertisement itself provides the targeted user value. And we need to convince service creators to work on user value monetization instead of network value monetization.

What would such an economic ecosystem have to look like? What benefits should it address? Difficult questions with difficult answers. Chris Messina points this out very well when he says:

We need instead to frame the discussion in terms of real-world benefits for regular people over the situation that we have today and in terms of economics that people in companies who might invest in these technologies can understand, and can translate into benefits for both their customers and for their bottom lines.

The discussion is continued with Anne Zelenka at GigaOM.

Real-world benefits for the user

What could be real-world benefits for the user to be free? Although some obvious advantages like data freedom and privacy control come to mind immediately, we might need to look beyond that. Let’s face it. There are currently hundred of millions of people locked into social networks like Facebook and MySpace and they do not seem to care that their profile data, friends data, relationships and interactions aren’t their own. It is impossible to export any of that into another service thus providing the user choice. But he doesn’t seem to mind much. His privacy isn’t guaranteed and his data is being used to target advertisers onto his profile. Users are often described (and often behave) like ignorant, lazy, “entertain me” like people. Some even predict it is human laziness that will burst the web 2.0 bubble.

I am a more positive thinker about human nature. People need to interact, and they want to do this as conveniently as possible (we are a bit lazy right). Freedom is about having a choice. Being able to say I can choose it the way I want. I believe that if a user is offered choice between spending time within walled gardens or traveling around as a free man, the choice will be on freedom. Freedom would provide the user the possibility to integrate real-life experiences with “cyber” experiences. In a way that is convenient to him.

I wrote about the web being a surrogate of real-life interactions. But if you can integrate real-life interaction with the ability to share and interact with people who are not physically present it would add value.You should be able to decide how, where, when and with whom you would have that interaction. Regardless of device, technology or platform. That is what freedom is about.

You can use Facebook and the friends you have there, but if you want to do something else, then it should be possible as well. Without you losing the ability to interact because some platform locked your friends away behind some wall. And freedom is a blade cutting 2 ways. If you have the choice to interact in the way you want, a service provider that wants to service you needs to provide value. For it is only that user value that makes you want to use that service provider. So freedom for the user leads to user value innovations, everybody wins.

And with this freedom comes the ability to be able to identify yourself anywhere with one means, and the ability to perform transactions anywhere using a simple mechanism.

Benefits for the advertiser

If a user is free he will choose to interact with a brand or an advertiser. It will be a positive choice, one of free will. It provides the advertiser with a meaningful interaction with the user, providing him valuable opportunities to build a brand, advertise or sell stuff that matter. The advertiser can learn more about the user in a way more targeted than a Facebook profile or Beacon message.

It means letting go, stop waisting enormous amounts of advertisement spendings on large groups of users. Instead the advertiser will have to learn to interact on an almost individual basis with users. Microbranding. Scary, but also potentially very powerful. It also means that advertisers will have to deal with the user being on the move (for he is a traveler). It will focus the attention of the advertiser to add value to the experience of the traveler. Not just broadcasting a message to him, but understanding what the travelers needs are when using a service, and adding value to that user experience by providing brand or advertisement that actually matters.

Benefits for the service creator

If the service creator would be able to let go of the concept of “customer lock-in” and think about his business in terms of serving a free traveling customer he would be forced to think in terms of user value. There is no need to put up walls and lock customer or advertiser within those walls, as the user is free to go wherever he wants to. Instead he needs to work on his main competitive advantage, providing the user more value than a competitor could do.

Service creators need to let go of their proprietary platforms, the lock in of users and their data, the free but ad-based business model. They need to participate in a user-centric web, become a gas station next to a freeway servicing the traveler passing by.

There are clear benefits for the service creator. Most importantly, instead of providing services for free and creating revenues through ads, the user will pay for the value he obtains. This leaves the service creator to concentrate on user value and monetizing that. It implies that the service creator should not focus on page rank, page views and user clicks but instead focus on meaningful interactions of the user via his service. Interactions to buy or sell things, to find help or provide help, interactions with friends or strangers, search information. Each of these interactions can be monetized if they provide the user value. We are happy to pay for sending an SMS because it allows us to interact with our friends. We pay for a professional Flickr account because it provides us more freedom and value than a free account. We should be paying Twitter when sending an SMS for it adds value to my interactions with others.

This is not an easy step to be taken by the service creator. Right now he is in control, he owns the platform, the data, the social graph, the connections to the advertiser, and yes, even parts of the user in some way. They have to believe that freedom in the end benefits us all. A user that willingly chooses to go to a service creator will be more valuable than a user that is (unwillingly) locked into the service by the service creator. As Milton Friedman, Economics Nobel prize winner, has said rightly:

“Underlying most arguments against the free market is a lack of believe in freedom itself”

I have only provided an outline or framework in which an economic engine might be redefined allowing the user to become free (and taken too many words for it already). More and detailed work needs to be done to define the benefits for all. Then again, courage and the willingness to start is all it takes to set the user free and and the same time making huge amounts of money on the monetization of user value. Any takers out there?

Google’s assault plans on social networks

TechCrunch just posted an article in which they reveal that Google might be planning a “major assault” on the social networking scene.

I have written on the Google strategy before, and it seems that a lot of the things written down then are now becoming a reality. Google plans to open up all their applications, creating a social layer across all of them. But, in contradiction with Facebook, Google seems to have plans to open up the network two ways, not only allowing a user to us this layer across many different Google applications, but also across different social networks. It’s what many call “the web as a platform”. Scott Karp dismissed that term a while ago, quoting Google’s Jeff Huber:

A lot that you have heard here is about platforms and who is going to win. That is Paleolithic thinking. The Web has already won. The web is the Platform. So let’s go build the programmable Web.

This of course being a direct declaration of war on Facebook.

The most important asset according to Scott is data, and Google has plenty of it. Actually, I don’t really agree with Scott on this. Data is static, it is the application or usage of data that is important. It is not just about data, it is about interaction.

Google is definitely in a position to open up the social network space and even fill in some of my wishes to get out of the web 2.0 trap, I am wondering if they are going to make the right choices, especially when it comes to privacy. Google probably already knows everything there is to know about me, but can they handle my privacy as well?

And more importantly. Will they think user centric, or simply connect everything because technically they can create the APIs.

But my main interest will be on their plans of their mobile strategy. Opening up the web is one thing, being able to connect the web to the mobile space is much more interesting. That is where the money is. Through the mobile space we can get out of the web 2.0 advertisement trap and create working business models that are not based upon ad harassment.

Will Google understand this? They will, but as their business model is advertisement, I doubt they will fill it in the right (user centric) way.

Solving the Mobile Internet equation

There is a lot of talk going on about mobile services. Especially Location Based Services (LBS) get a lot of attention. A few posts that drew my attention:

Om Malik wrote a short overview article of the deals that have been made in this business, showing that big investments are being made now.  There is an overview of different Location Based services here.

The NY Times gave a warning in several posts about the privacy concerns in their articles “Google’s Purchase of Jaiku Raises New Privacy Issues”and “Privacy Lost: these phones can find you”.

Steve Ballmer who used the same metaphor I used in earlier articles calls the mobile phone a universal remote control for your life (I like that metaphor, obviously).

Different announcements on new services, for example, Whrrl is Yelp plus Twitter (who comes up with these names?), and BluePulse shows you how to compete with Facebook and MySpace by offering social network capabilities only for mobile.

And finally Walt Mossberg started a lively discussion in  his post “Free my phone” which he makes the following comparison:

That’s why I refer to the big cellphone carriers as the “Soviet ministries.” Like the old bureaucracies of communism, they sit athwart the market, breaking the link between the producers of goods and services and the people who use them.

On a more personal experience, I watched a short live streaming show yesterday when a friend of mine send out a Twitter message in which he invited anyone to look at his live streaming conversation he had at that precise moment in a cafe in Amsterdam.

So what can we make of all this? Well, for starters, bloggers and investors like mobile. At the same time I think it will take some time for the mobile internet to become a hit. There are still many problems to be solved for mass adoption.

Why do you think SMS is THE killer data application for mobile? It is simple to use and supports a need for instant interaction to its users. All reasonable successful mobile services use SMS as their main interaction interface. And this is not just because it is simple. A major barrier for service creators to solve is the habits mobile users have. SMS has become such a major usage driver in mobile that it will be very hard to replace that with, for example, a graphical UI. In order to replace SMS as the main interface from Mobile to Internet (and any cell phone company will want that to increase ARPU=usages=$) you need interfaces that are as easy and quick to use as SMS is currently. Asking the user to change habit is very hard to do.

In that sense I am a bit skeptical about all these social network services that pop up, especially the location based services. I am not claiming they won’t become the next hit, but I do feel there is a lot of opportunism and technological innovation taking place that doesn’t really answer the “what is in it for the user’ question.

Just look at the examples that are provided to show the “convenience”of Location Based Services. The NY Times article quotes a user that when seeing her friends were too far away to make it on time to a meeting, she decided to leave later as to arrive at the same time. And she didn’t have to call her friends to tell them.

Pleazzzzzze, who came up with that being a killer app for LBS? This will never do, it totally bypasses the NEED of people to interact. How often do you find yourself in a conversation with someone on a mobile asking him where is and when he will arrive? It is the most important question being asked by voice and SMS? And now we don’t need that anymore?

Or the “if I walk around in a shopping mall I get harassed by all these great promotions of stores nearby” example. I don’t have a NEED for that. The whole reason I am shopping is that I want to take time to explore and buy things I am looking for. Without everyone screaming at me to come to their store. Imagine people physically standing in front of stores trying to pull you in as soon as you walk by (ever been in Egypt on a market?). It sucks, and I doubt many users would like it.

The problem with most startups that are in the mobile services business is that they tend to take cool technology and build all these services around them without really thinking about human behavior or needs. Forcing their high tech services onto the mass will not lead to the main stream adoption they are all looking for. And the fact that important tech bloggers like to use them is only a very small and perhaps insignificant indicator for success.

In my opinion (for what it is worth) the same thing holds for the development of mobile services as for any other. Keep it simple, hide all technological features and focus on human needs.

The need to interact with friends is BY FAR the most important one to focus on. And I don’t mean interaction in social networks perse. A simple example, I am using Twitter now and although it is meant to work as a microblogging tool, it is most fun when it becomes an interaction tool. If there is no interaction, Twitter makes me a groupie instead of a friend, and that just doesn’t work for me.

Start building open and simple to use interaction building blocks before we start focusing on browser-based mobile services. Solve the “getting my message to my friends and back” problem first, allowing not only text but also pictures and perhaps video to be send and received. MMS is not an option for this as it doesn’t work across all phones. If the problem can be solved across main stream cell phones and using open and standardised modules, then mass adoption becomes reachable.

From that, connecting the mobile phone to Internet based services, using these open and standardised modules will be the next important step. Forget about ads, or too much promotions,  as they will not work on mobile phones. Too much of an invasion of my private space as a user. Instead, think about the business models that actually work on mobile phones, that is payed services! Rolf Skyberg predicts that “free services” in the end are doomed to fail and I agree with him, although I am not sure yet how we can migrate successfully from free (ad based) services to payed services.

I do believe that privacy might become an issue with all the new capabilities. Here lies a great response for the user, but also for the service creator to protect the naive user! Revealing locations might sound like a lot of fun, but if it is not controlled by the user in a simple and effective way, the results might be disastrous (without him realising it).

So how about it? What do you think of these developments? What are the needs of mobile users and how can we support those needs in a simple and effective way?