This is a post I actually started writing at the end of 2007. But I had a hard time putting the finger on what it was really about. After today’s announcement of Google and Facebook now joining the dataportability.org work group I decided to look at it again to see if I could get my thoughts about the consequences of freedom on paper.
Looking back at 2007 for me the year has brought us expected but almost endless growth in social networks. The two biggest, MySpace and Facebook have reached both incredible amounts of users and traffic. There is obviously a need for users to participate in such networks. With rapid growth always comes pain. In the case of Facebook clearly the introduction of SocialAds and Beacon have become their major hurdle to be taken this year.
But a more subtle revolt is gaining strength by the minute. It comes from web knights fighting for the cause of freedom. People like Doc Searl, Tim O’Reilly, David Recordon, Rolf Skyberg, and Chris Messina are raising their voices to set the user and his data free. These people have been shouting hard enough to make some the companies with the biggest user data bases, Google and Facebook, to finally join an initiative to work on data portability. Marshall Kirkpatrick from readWriteWeb makes an interesting remark about that:
The group is working on a variety of projects to foster an era of Data Portability – where users can take their data from the websites they use to reuse elsewhere and where vendors can leverage safe cross-site data exchange for a whole new level of innovation. Good bye customer lock-in, hello to new privacy challenges. If things go right, today could be a very important day in the history of the internet.
Customer lock-in is exactly where the problem lies. We need freedom for users, not lock-in.
There has been a lot of talk about the current openness of social networks. Most services aren’t really open. The user gets inside but isn’t able to get out or publish his data from that network anywhere else. The web 2.0 free but ad based business model enforces these walls and is a major threat to both user and data freedom. The holy grail of behavioral targeted ads is strong amongst social networks owners and advertisers. But the tension between the advertiser wanting to get his message across and the user who’s privacy is not guaranteed will lead to backlashes as Facebook has been dealing with at the end of 2007. This tension is becoming so strong that even the Federal Trading Commission has felt the time has come to publish privacy guidelines.
While I also have argued that it is time to set the user free, I have been thinking a little bit about the possible consequences of that. Freedom always comes at a cost. That is fine, as long as we understand what that cost might be. Let’s first see what kind of freedom we are talking about. In a previous post I used the concept of a traveler and a gas station to describe the type of web we might be moving into. This concept leads to:
A passport that identifies you at all destinations, a traveling bag where you can keep your personal belongings, money, food, drink, a good map for the area you travel to, a language guide, and easy ways for you to: obtain relevant information/keep track of/meet/interact with friends and strangers.
It is a very basic and simple list of needs. Translate these needs onto the (mobile) web and we can easily come up with services that address these needs. Entrepreneurs need to think more in terms of running a gas station on a freeway waiting for a car to arrive and servicing the traveler, instead of becoming an amusement park owner, letting children drive a Donald duck car, but only if you visit Disneyland.
Perhaps the most obvious thread to this freedom comes from the user himself. Often depicted as lazy and unwilling to do the work needed to be in control of his own privacy, we tend to think that no one is really waiting to be freed. An argument heard often is “People on Facebook don’t care about the walled garden”.
This is probably true in a lot of cases. But I’m betting that the majority of the people on Facebook or Myspace, or any social network is completely unaware of the underlying business model of the service. They haven’t got the faintest idea that Facebook actually uses their data and interactions to draw advertisers to the platform and the user. Is that a bad thing? No harm done right? True, but it isn’t exactly transparent. And the trouble starts most of the times when the user tries to move his data from one network to another. Not only is this almost impossible to do, it also raises questions who really owns the data.
I believe it is a good thing to open up walled gardens, to set data portability standards and allow the user to move his data around in a way he prefers. I also believe that by doing that, service providers will start moving away from the free but ad based business model and start thinking about user value again. It is a knife cutting both ways. Everybody benefits.
Let’s assume that all of this is happening, that the user gets his freedom again. What does that mean for the user itself? H.L. Mencken once said ‘The average man does not want to be free. He simply wants to be safe”. I think that this quote ties in nicely with the earlier observation that Facebook users are mostly ignorant about the Facebook business model. They have a sense of security that their data is safe at Facebook and don’t really think about the consequences of their privacy.
Freedom comes with consequences:
- You can’t really be free unless others are free as well. If you are able to export your profile, data from one place to another, but your friends can’t or won’t then it won’t do you much good.
- If you control your data, then you get the responsibility for protecting it to a level that you are comfortable with. No blaming services like Facebook anymore. If things go wrong, then you probably screwed up yourself
- With this responsibility comes work and effort. As people are inherently lazy and pattern steered beings, changing this pattern will be a major hurdle. If controlling your privacy takes too much effort you won’t do it, with all the consequences being your own responsibility.
- Just as you have the freedom to chose how to handle your privacy and data, your friends have that right too. It isn’t really up to you to move data you got from a friend to another place. It is your friend who should be deciding about that.
Right now I don’t hear a lot of talk about how these issues are going to be handled when data portability becomes a given. I would have been surprised if it was being discussed as data portability seems to be a tech-created solution to the wrong problem. As I said before:
Unfortunately, we are all fighting the wrong war. It shouldn’t be about who owns the data. Who cares? It should be about providing me the best value. What I simply cannot understand is that service providers don’t realize they can have ALL relevant data directly from me if they provide me value, and if I am willing to trust them. It is all about choosing the wrong business model (data, walled gardens, free but ad-based services) instead of providing the user true value (the best business model you can think of).
Freedom for the user can only be achieved if we implement the right tools for him to protect and benefit from that freedom. We need:
- Excellent, easy to understand and use, transparent, privacy and trust controls where the default is always set by the standards of the user. This standard should be implemented across any service the user actually uses. It implies that these measures are user centric, not site-centric!
- Easy to use exporting and archiving tools. Freedom for me and my data isn’t really true if I can’t move around easily. We need standardization so that exporting social data from one network to another can be done seamless by the user himself. That also includes downloading all my stuff to my own computer, burning them to a CD etc. Ever tried burning your Facebook contact data to a CD?
- I often see privacy tools implemented in such a way that technically protect my privacy well, but require unwanted amounts of effort to use. I don’t want to be in a continuous dialog with a privacy control system asking me if person x or company y can have a specific piece of information. It will take too much effort of the user and will therefore never work. Instead we need a finite set of default behaviors that are related to the task I’m doing as well as the data that is being used. An obvious example would be that it would be rather odd if Facebook would start asking me about my credit card details when I’m browsing profiles. But when I’m buying a book at Amazon, it is just fine. In the first case I might want to actively make a privacy decision, in the second case probably not.
Data portability is important and it is good to hear that some of the major players are now joining the work group. But I hope they aren’t going to solve a technical problem. What they should be thinking about is how technology can support human needs. If they do that users will be freed, if they don’t then we will be stuck with a technical solution to the wrong problem. To be free, or not to be free, that is the question.