Give it up for Bozeman

What would you do if your prospective employer asked for passwords to all of your social networking sites?

According to ReadWriteWeb, if you apply to work for the city of Bozeman MT,  you are asked for a list of the domains, usernames and passwords for “any and all current personal or business websites, web pages, or memberships on any Internet-based chat rooms, social clubs or forums, to include but not limited to: Facebook, Google, Yahoo, Youtube.com, MySpace, etc”.

What are you looking at?First of all, these people clearly have no depth of understanding of what they are asking for — the fact that they provided only THREE spaces for someone to enter their entire web presence is obviously a travesty of a mockery of a sham.  Most people I know would have to include an excel spreadsheet as an addendum :)

Beyond that, ask yourself what exactly it is that Bozeman’s moral evaluation team could possibly wish to examine in these accounts.  Most of what you put into a social networking site is there for other people to consume.   What have you got in your accounts that you couldn’t share using less intrusive methods?

Asking for Yahoo and Google passwords gives access to a massive amount of information, the richest source being your email.  Think of the juicy things they can mine for: affairs, viagra purchases, subscriptions to pr0n sites…   Facebook accounts could be mined for private messages.  Chat rooms… seems likely that racy-sounding chat room accounts won’t make it onto the application – so how do you evaluate a benign-sounding chat room account?  Log in and see if somebody wants to talk dirty?

And what if you are having an affair? What if you’re in the closet?  What if you are part of an unusual religion?  What if you are pregnant or have an STD?    You should still be qualified for most jobs at the city of Bozeman – but do you really think that knowledge of these facts won’t influence your chances?

If a company asked you those kind of questions in the interview, you could sue. Why on earth should they be able to ask for access to go find the answers themselves?



Photo credit: http://www.flickr.com/photos/nolifebeforecoffee/124659356

Glue 2009 – Conference Wrapup

Glue 2009.  Where to start.   This is the conference entry — learnings and philosophical interpretation to follow separately :)

My impression of the group was that it consisted mostly of the “maker” community — developers, entrepreneurs, and funding bodies working to create solutions in the cloud.   Everyone was bound by a common philosophy driven from a common business model and delivery mechanism.  I loved the esprit de corps that I saw among this diverse group.

Most vendors were new to me, and walking the booths was anything but humdrum. Given that so many of the attendees also had services of their own, I would have loved it if Eric and Kimberly could have set up some kind of fun elevator pitch or Pecha Kucha session where each of the attendees could run up and explain what they were up to, in the constraints of a social, time-boxed, creativity-encouraged event.

Speaking of Kimberly and Eric (the organizers of Glue) — bravo.   This was not a case of catering to a community.  This seemed to me to be a case of creating bonds aneCreating new bondsw.  It is really easy for conference communities to become inbred – eventually it becomes the same set of people viewing the world all in the same way, and agreeing and disagreeing in unison as if the “truth” was universally obvious.  The great joy of this space is that there is no universally accepted “truth” yet — but the danger is in repeating historical mistakes.   I think that Eric’s agenda choices were calculated to do two things:  to introduce those on the front lines to the cautions of the past but also to introduce those who make their livings through cautionary tales to the infectious optimism of this new generation of solution providers.   The best part about it was seeing just how much fun Eric and Kim have working together to make it happen – it was smooth, but still personal.

I’m really excited about the new people I’ve met, please don’t be strangers, you are are sharp and you are pursuing some incredible opportunities.  I can’t wait to see where you go.

The Modern Equivalent of Wearing Clean Underwear

Have you ever heard this adage?

“Always wear clean underwear in case you get in an accident”

It’s good advice, really.  The goal is to have a little foresight, and plan in advance such that you can retain your dignity in the case of an unforeseen event.  It used to be that the worst indignity that your Mom could imagine was having the doctors and nurses see you in dirty holey underwear, but what is the bare minimum in dignity preservation today?

I realized what the modern equivalent was while watching the news.  Somebody had been killed in my hometown, and the news program gravely displayed a picture of a smiling, happy face captioned with the following words:  “Image courtesy Facebook”.

In the case where your ‘accident’ is notorious enough to be newsworthy, but not so notorious that the Facebook admins immediately take down your account, your easily searchable social media photostream is likely to supply the images that everyone will associate with whatever it is that you’ve done (or ceased to do) forever more.  As such, I think that it is time for Moms everywhere to update their adage:

“Always keep one clean photo on Facebook in case you get in an accident”

After all, do you really want the last image of you to be shown or surfed on this planet to be that one time when you were really drunk and your buddy took pictures of you with beer coming out of your nose as you tried to drink from that stupid beer bong?  Or worse, your photo album was empty, but somebody else took a group photo and tagged all the names (including you), and it turned out you were “scratching” your nose just when the picture was taken?  Imagine that group photo on the news, with everyone else greyed out, and your nose-pick in bas-relief.

Of course, you could also say that the original advice is more true than ever;  perhaps the two could be combined to say that you should always wear clean underwear in case you get a picture put onto facebook that gets shown if you have an accident. Laugh if you want, but take a look at your photo album and ask yourself which facebook photo of yours would you want shown in the case of your untimely demise?  If there isn’t one, perhaps you need to show a little foresight, just like your Mama would want.

Microsoft Live – say it is not so.

I hear you’ve been going back on your word, Microsoft Live.  I hear you’re talking behind people’s backs, giving away all their secrets.

If you want to change your current policies on accepting anonymous comments, fine.   But when you promise a user that the comment they are about to submit is anonymous,  that promise should mean something.  Forever, not just until your next TOS change.  You shouldn’t have even stored information about who made a comment if they asked you to keep that comment anonymous.

People trusted you and believed in you, and they acted according to their trust and belief.  They didn’t know that anonymous really meant “tracked, stored, and correlated, but hidden only until we decide otherwise”.

Those of you out there who think anonymous comments are only about making nasty retorts or spamming- think again.  Sometimes, anonymity enables people to talk about their health, their relationships, their issues, their innermost thoughts, things they would otherwise be afraid to reveal.  Sometimes, anonymity enables an intimacy that can be a lifeline in rough seas.   Anonymous comments can be as deeply personal as any church confession – imagine if your confessions were taped, played to the world, and associated to you forever more.

I suppose the only moral of this story is to assume the worst about any technology that makes promises around secrecy.  Perhaps this will encourage pseudonymity – at least then you’re known to be tracked, but you can control what correlation might exist to your real name.  If nothing else, this should call into question the practices of any service that supplies that little “post as anonymous” checkbox.

Minimum Population of a "real" Social Network

Marc Canter says (or at least implies) that a social network with 5 people in it isn’t a real social network. I couldn’t disagree more.

There are 4 people in my immediate family, and let me tell you, there is no more social network out there.

What defines a social network? Number of hits? Ad revenue? If you ask me, the tool doesn’t define the social network – the community does. And I believe communities come in all sizes and shapes. I see nothing wrong with a small group of people wishing to collaborate in the cloud – it sounds a heck of a lot nicer than Facebook, truth be told.

My favorite social networks are not the monster amalgamations of strangers that form the current la-dee-da Web 2.0 acquisition market. My favorite social networks are kind of like the corner bar — where everybody knows your name (or at least your nick) and where you have a history that means something to others, while simultaneously caring about the history others have built with you. Why did Flickr users grieve when they lost their original identifiers? Because it was a little piece of their community history, taken away, diluted into a homogenized mix by a service with altered goals.

Saying a social network isn’t successful or shouldn’t be counted because it is small is like only counting a restaurant as successful if it has a franchise attached – who cares about the corner cafe, when you could have a Burger King, right?

I care. I suspect a lot of other folks care too.

Holy Open Social Batman…

I just read about the Open Social Web API: it would seem that a bunch of the silos of the world are about to begin using a common API to talk to their apps (and maybe each other?) about, among other things, previously sequestered identities and relationships.

I’m monstrously curious about if and/or how identities will be mapped between “containers”. I’m curious about the whole thing, in fact, as both a user of such services and as an identity control freak. I can’t wait to see what mechanisms are used, and whether something with some kind of identity & privacy cachet was tapped.

Will I like what I find? This quote from Brian Oberkirch makes me wonder:

Finally, I’ve seen no mention of the fact that every bit moved through these APIs will be mapped via Gdata into a great Google graph of social interaction. A version of Brad Fitzpatrick’s master graph, but part of the Googleverse.

Call me crazy, but isn’t a “master social graph” without any reference to consent or control from the user really just internet-scale involuntary identity aggregation? I don’t care whether the “social graph” is in fashion or not, I sure as hell hope that I can opt out if I so choose. I imagine that both the terms of service and privacy agreements for any partner service involved in the Open Social API will have to to change, and I shall be very interested to see what exactly those changes will be.

No matter what, this API is still a critical first step. Inertia is being overcome with respect to opening up user community silos. The what is good – but all of us scrappy identity and privacy folks had better hasten to examine the how, too.

Nasty TMI Mashup

Here is a perfect example of what happens when data you prefer to keep private ends up in the wrong hands. Or worse, when data about another person becomes public, and can then be used to infer information about you based on a past or present, direct or even indirect relationship with that person. In this case, there isn’t even proof, but rumor is more than enough if the spotlight is bright.

(via Jezebel, image from HolyCandy)

Exhibit A

The Dating Mashup (or my Facebook Adventure)

Let me tell you about my first day on Facebook. It was both intense and thought-provoking.

As most of you know – I’m not exactly a wilting wallflower. I’ve done a lot of things, been part of many and varying circles of people, and generally I’ve had myself a hell of a time. Many of my friends from the less-geeky parts of my life have been talking about and using Facebook for quite some time, and I finally caved in.

One of the very first people I added was an old, good friend from my gloriously misspent youth. I had run into him earlier, and he mentioned he was on Facebook, so I looked him up. Once we were connected, he sent me this message:

Hey!! Nice to see you check in my albums there is a photo of you that has sparked the longest comment chain around.

Next thing I know, I see that a photo has been ‘tagged’ as being of me. And I click over to see a picture me from my first year of university. It was a nice picture, nothing embarrassing or racy. The conversation around the picture, however, gave me pause. Let me paraphrase:

Commenter #1: I dated her in high school

Commenter #10: I dated her after high school

Commenter #17: I dated her after #1 and before #10…

Well, where does a person even start on this? As a conversation, this thread was funny & endearing and I am really excited to catch up with all of the people there, they are wonderful wonderful people. Nothing in the thread was secret – and all of the commenters were truthful in their remarks (except that I actually think that I dated Commenter #17 after Commenter #10 not before, but that’s neither here nor there). All of the people in the thread are part of the same circle of friends, and so this is no different than the same people sitting around at a party and looking at a physical photo from a shoebox.

but.

But.

BUT.

As much as I enjoyed the repartee, I couldn’t help but be overwhelmed by the implications of the situation in general. When my friend posted that picture, only those in his network saw it – generally speaking, those that were interested were all a member of one of my circles of acquaintance. No problem – until I join Facebook, and link all of my various circles TOGETHER. Suddenly, a photo & conversation intended for one circle is accessible to another. Yes, I can ‘limit’ what people see – but would I have the foresight, tools, and memory to figure out all the ways in which I really don’t want past circles to intersect in the future? What about current circles? What about friends who span the circles? I am suddenly the hub, and all my different spheres are the spokes, and those spokes are suddenly connected through me in a tangible, interesting, and researchable way. You may not need to be a direct friend; sharing a friend, a group, or a network may suffice as well (depending on whose account ‘houses’ what discussion, and who you and your friends open your accounts up to).

And once a meme starts, it’s tough to stop. There is a tipping point that could be reached. Why wouldn’t someone from some other part of my life or history cruise through and add his own dating history into that photo thread? Heck, maybe my husband will chime in, he’s on Facebook too. If there was enough interest, I do believe that an entire timeline could be constructed, and what could I do? I could scream and freak out and have the photo removed I’m sure. But such anti-social behaviour would become the object of discussion in turn. When you protest, people assume you are afraid of something :). Taken separately, nobody’s dating history is secret – but peer-to-peer publishing of cumulative results makes me feel vulnerable to the same phenomena occurring around some other, less innocent set of facts.

I have to cogitate on this a bit. And I have to figure out what to do when a professional colleague who isn’t also a good friend wants to ‘add me as a friend’. As I’ve said before, tools like Facebook blur the lines between social spheres, and we all get to slide down this slippery slope together, guinea pigs for the new digital age. Perhaps even worrying about controlling the descent is, in fact, no more than a delusion. For those of us who try to keep some lines drawn in the face of intense social pressure from all spheres to openly network, a long road is ahead. “All in” or “all out” are much simpler attitudes. I love the benefits of Facebook already; they are enough to put me into that scary no man’s land of trying to control multiple spheres, allowing some to meld and attempting to keep others apart.

One final question to ponder – by simply writing about this experience, have I compromised or complicated my ability to keep my social spheres separate? We shall see.

Wish me luck. I’ll need it.

Breaking the TOS before you even start

Today I actually for just ONE single minute paused to seriously contemplate the consequences of lying on a Web 2.0 registration form.

The site that caused this momentary lapse in common sense was Facebook:

Facebook DOB error

It turns out that I don’t want to supply my correct date of birth to Facebook. I would have been more than happy to assert that I was over 13 — but a complete DOB is just too much information. And yet — if I lie, I’m violating the terms of service:

Facebook: “…you agree to (a) provide accurate, current and complete information about you as may be prompted by any registration forms on the Site (“Registration Data”); (b) maintain the security of your password and identification; (c) maintain and promptly update the Registration Data, and any other information you provide to Company, to keep it accurate, current and complete;”

I started wondering – does this mean I can’t register a pseudonym on Facebook? Am I only legally able to register my “real” name? And if this is the case, what about all the other sites that I have pseudonymous names registered at?

Who knows, IASNAL (I am *so* not a lawyer) but if you were to ask me, it seems like the majority of accounts I have registered at the following sites are already in violation of the TOS:

Flickr: “…provide true, accurate, current and complete information about yourself as prompted by the Service’s registration form”

Multiply: “…provide certain limited information about you as prompted to do so by the Service (such information to be current, complete and accurate)”

Slashdot: “personally provide true, accurate, current and complete information on the SourceForge Site’s registration form (collectively, the “Registration Data”) and (2) maintain and promptly update the Registration Data as necessary to keep it true, accurate, current and complete. If, after investigation, SourceForge has reasonable grounds to suspect that any user’s information is untrue, inaccurate, not current or incomplete, SourceForge may suspend or terminate that user’s account and prohibit any and all current or future use of the SourceForge Sites (or any portion thereof) by that user other than as expressly provided herein.”

Google Mail: “5.1 In order to access certain Services, you may be required to provide information about yourself (such as identification or contact details) as part of the registration process for the Service, or as part of your continued use of the Services. You agree that any registration information you give to Google will always be accurate, correct and up to date.”

One site where I chose not to lie (and see no point in a pseudonymous account), is LinkedIn. I gave correct naming information to LinkedIn, but was not required to enter a date of birth, and so had no reason to pause during registration. I find it interesting that sites like Slashdot and sites like Facebook or LinkedIn have similar terms of use, even when usage is obviously quite different.

What do you all think? Do these TOS’s technically ban pseudonyms but not enforce? Does it matter? Oh, and if I ever remember to get around to finishing that Facebook registration, I hope to be at least a hundred and two years old, don’t be shocked…

Better watch the licensing on those Catalyst conference shots…

Have you seen this?

Virgin Mobile in Australia created an ad campaign around a number of photos taken from Flickr. All of the photos were licensed for commerical use, but it seems that many of the photographers had no idea of what it means to allow commercial use of their photos, and what it specifically means to allow commercial use of photos of fellow humans.

The ad company took photos from and of regular people and added captions that implied often-derogatory situations, meant to resonate with ‘hip’ audience members. For example, the ad shown here is a picture of a young girl in a goofy pose flashing the peace sign, and the caption is ‘Dump your Pen Friend’. The link above is worth travelling to — because the very first comment on the picture is the young girl herself, having discovered that she is in the photo. The second comment is from the photographer, having discovered that his photo was used. The comment stream is enlightening.

Another affected party was geekgirl Molly Holzschlag, who was one of a group of people photographed in an elevator during what I presume to be a tech conference. Their photo was captioned “People who talk in lifts have bad breath”.

There is the beginnings of a collection of the various photos here. More discussion on the subject is here, here, and here.

There are all sorts of debates around this issue – but my personal favorite ironic conclusion is that anyone who wants to be litigious about this matter will mostly likely have to sue not just Virgin Mobile and/or the ad company, but also whatever close personal friend was uninformed enough to take a photograph of their friend(s) and then license it for commercial use without having understood the responsibilities and liabilities involved. Can Virgin Mobile successfully use their photographer-mules as shields to stay out of the court-room?

The other interesting question to me is — how does the world end up regarding companies that make this kind of ruckus? How will Virgin Mobile end up regarding their own campaign? This case has obvious educational value, both from a privacy perspective and also prospective amateur content license users — it is a use case that can be cited over and again, because people will intuitively get the issues at hand – after all, who hasn’t taken or posed for that one embarrassing photo. Meanwhile, Virgin Mobile Australia has managed to garner a world-wide audience for their ads. Perhaps the press is negative — but will the ruffled feathers fade away, leaving only the remembrance of the brand? My guess is that it will.

Photos on sharing sites such as Flickr are a simple example of one person having power over another person’s identity information. For obscure subjects, the power is small, and mistakes in things like licensing are not important. Yet – all it takes is a spotlight to change things. This isn’t new, or specific to Web 2.0 — how may recording artists have signed horrible contracts before they made it big, at the time just grateful to have the contract at all?

All I can say is, I’m off to check the licenses on a few photos that I really wouldn’t like to be part of a national ad campaign :)