Portable Identities and Social Web Bill of Rights
The future world of portable identities, reputations, and social graphs has many pluses and concerns. These portable systems could make the benefits of personalization, once only relegated to science fiction, a reality. The Social Web Bill of Rights makes the claim that users have the right to portability. But there are privacy implications to take into account as well. We will discuss an opt-out vs. and opt-in approach on data collection, privacy, and portability.
but I was disapointed. I first met with Auren in a Starbucks before Rapleaf was launching many years ago (in internet time). I had not seen him since despite inviting him to every Internet Identity Workshop since then.
When opening the talk the Stanford student gave the the description given of Auren’s goal with rapleaf was this “Enabling people to look up the online reputation of others. Making it profitable to be ethical.”
He opened articulating the basic components of the ‘ Social Media Users Bill of Rights‘
- Your information (basic info about you -address height etc – and preferences)
- Your Social Graph
- Your Activity Stream
The key things for this to work control over who accesses it and the freedom to grant persistent access
He also had a slide that mentioned that it be verifiable (???) I was confused by this and was not sure where it was drawn from and was not further articulated. As a side note one of the things that Bob Blakely (currently of the Burton Group previously blogging here) talks about Privacy is “the ability to lie about yourself and get away with it”.
Ok back to Auren’s talk.
Portable (identity, reputation and social graph).
Why is this important – because of the Tyranny of wasted time ‘refilling all those forms out’.
Portability of identity (in the way he used it) was articulated as – it is just information about you that basically is self asserted.
Social Graph portability was just briefly referenced about ‘the people you are linked to’. There was no discussion of one of the main concerns – a ‘social link’ is between two people and moving that information from one context to another should have the consent of the party that a link is asserted about. Update:Having completed the post and understanding their data-aggregation model that fits into their business model they explicitly mush peoples social graphs together from different sites to create an aggregate social graph that as far as I can tell is not visible to the user. Distinguishing and keeping separate context is not what they do.
He asked rhetorically “What is your identity” and then mushed claims and preferences together as if they were all the same kind of identity information (where you live, what you buy, what movies you like, your sexual preference).
He talked about why several efforts in the past have failed. He said that Passport failed because it was an ‘opt-in’ system that very sites would integrate.
I thought this was an interesting assertion. I guess it was opt-in on the part of the relying parties – but the reason the didn’t opt-in was because there was only one Identity Provider and they didn’t want to be locked into only getting identities from them. Individuals had no choice but to get their identities from Microsoft to use the system. This whole reasoning was not articulated for the students though.
The failure of Passport he said proved the difficulty with the opt-in way.
The ‘reformed Microsoft’ vision of an identity meta system and particularly the Laws of Identity that inform the whole current conversation of portable identity were never mentioned.
Reputation he said was (sort of) context dependent. My internal reaction was “SORT OF? it is completely context dependent”.
He talked about Credit scores (opt out) as a white list and captchas that prove you are not a robot. I didn’t quite get what Captchas had to do with portable identity – it seemed to be a leap that was mad in his logic that was not articulated – if you have white lists (like credit scores) that prove you are a ‘real person’ then you don’t need captcha’s. At least that is what it seemed to me he was saying.
He said that Whuffie was a social currency from doing nice things articulated in Down and Out in the Magic Kingdom.
This part was nice the chart articulated the Benifits and Challenges of Opt-In and Opt-Out systems.
|Benefits||User Decides|| Critical Mass
High Adoption Rate
No one wants to integrate
He continued talking about the privacy implications of portability. He articulated that companies should show people all the data they collect about them. He raised the issue about cookies and how ‘freeked people out’ when first introduced but now are normal. He also said that technogrpahics and behavioral Ad networks should share data.
He said that more data collection is inevitable – but at least we can have control over this data. We are not going to stop them taking data about us. We should require to tell us what data collect about us.
He said that privacy is a Grey Area but not reference any of Solove’s work on the subject of identity and privacy, information systems and law.
He did not suggest any tools for doing this or how we would audit and check on their collection accuracy or honesty. Omitting these made it all seem the goals of the user-bill of rights were just dreams really far off. There was the
Datasharing Summit that spoke a lot about this – there is the Higgins framework (although in its infancy it has working demonstration code) that has some core tools to do this for people and the sites that have information.
At this point we had questions and I challenged – Auren on his assertion about the draw backs of Opt-In. I said that OpenID was challenging the argument that it could not be widely adopted. He said yes AND it was only available on a very small number of sites.
Questions about the ‘right to delete’ were raised by Lawrence Lessig. Apparently in Germany there are laws about publishing information about past criminal offenses of long ago. How these translate online is a good question.
Both during his talk and in the question and answer period he talked a lot about the potential for optical recognition to track us around in physical space. It was conflated with tracking us around the internet. These are two very different systemic processes that have some similarities but a lot of differences. They were conflated in his articulation of the subject.
At this point I didn’t really know what RapLeaf did – I was about to find out. I thought it was just a tool that people used to do reputation outside of e-Bay for buying and selling…not so. It got way creepier since I last had it articulated at Starbucks.
Joseph Smar drove me to the Stanford train station and he explained the RapLeaf business. Basically they go around the internet and collect information about people that is keyed to their e-mail address. They aggregate this information and then they know about you. They then sell this information to sites who want to know about their user base.
His system is Opt-Out. I am in it twice(Rapleaf score 5 and 4 respectively). This is how they claim to help you keep your privacy.
You know as a user I am forced to give ‘real’ e-mail addresses to get accounts on services. Two of the services listed in my profile I don’t use at all (Tribe and Hi5). I don’t even remember signing into Hi5. I know my social graph in Tribe, Flickr, LinkedIn and Facebook are different and not directly transferable between them. I don’t want to be connected to ‘everyone’ in all contexts.
Surfing around to learn more about them and the reaction in the blogosphere I found some interesting things.
When you hover over a Rapleaf attribute with the mouse pointer, Rapleaf will now show you where it got the information that makes up an element in your Rapleaf rating–whether it was gleaned from a social networking site such as MySpace or provided by a peer who claims to know you. Yeah, all these factors contribute to Rapleaf’s estimation of your reputation, and now you can tell where the info actually came from. Useful… especially if Rapleaf got some detail wrong about you!
There is quite a bit on this blog but just one highlightThe Bankwatch:
This smacks of blackmail to me. A while back I received an email from Rapleaf noting that someone had searched for my address. In that case I knew it was me searching myself, but why am I left feeling that they are snooping on me, despite the fact I think [?] they are trying to protect me.
Rapleaf.com, a people search engine that lets you retrieve the name, age and social-network affiliations of anyone, as long as you have his or her e-mail address; and Upscoop.com, a similar site to discover, en masse, which social networks to which the people in your contact list belong. To use Upscoop (proudly stating they have searched 400,000,000 profiles), you must first give the site the username and password of your e-mail account at Gmail, Hotmail, Yahoo or AOL.
By collecting these e-mail addresses, Rapleaf has already amassed a database of 50 million profiles, which might include a person’s age, birth date, physical address, alma mater, friends, favorite books and music, political affiliations, as well as how long that person has been online, which social networks he frequents, and what applications he’s downloaded.
I suppose we should be happy to note that Rapleaf is not keeping track of our sexual orientation or the porn sites we visit.
They are using their information to help the political process though. (good thing I am Canadian and don’t participate in all that – not giving my e-mail address to political candidates).
From their website it articulates how you can ping their database of people to learn more about ‘your customers.’
Rapleaf’s TrustFuse product is an automated way of querying the Rapleaf system. Using Rapleaf or UpScoop is free and easy to use for consumers. If you are business, you can use Rapleaf’s TrustFuse system to learn about and serve millions of customers.
Work with Rapleaf by either:
1. Use our APIs to query your data real-time.
2. Upload the data in batch
Rapleaf’s TrustFuse product searches for information on your customers so you can provide them an enhanced user experience. You can use the API for up to 4,000 queries/day at no charge. After that, we charge a nominal amount per look-up.
So seems like campaigns are using TrustFuse from RapLeaf to figure out more about the voters that have signed up to get more information/participate in campaigns. I wonder exactly what they are finding out via the API’s.
His service is even more creepier then I imagined. It explains why he thinks that Opt-Out is the way to deal with these issues. Auren did say that if he couldn’t make it he would send someone to IIW in December. Hopefully we can have some fruitful face to face conversation.