June 23rd, 2008
Are shoeboxes better than Flickr?
Jon Udell, in a return visit to the Gillmor Gang, shares his vision for a future in which we control our own identity and digital content:
“What I ultimately want is for people to be born and to be given a social security number and to also be given control over some chunk of space in the cloud, some chunk of name space. And for all the stuff that they care about throughout their life to be there, controlled by them, and for the access to that stuff to be syndicated out in a controlled fashion so that…
Just for example, right now we expect people to manage their photos on Flickr and manage their health records on Health Vault or Google Health. And manage this, that and the other on this, that or the other service in the cloud. Right?
And the notion is that each of these things is kind of like this vault that you put your stuff into. And I really would love to flip that model around, and I would love the model to be that I’m me and this is sort of the cloud extension of me. And it has this stuff in it that I put there.
And then I define who has access to it and where that information flows or syndicates to and on what terms. And what that means is, that when I decide that I want to share something to my friends and family, I say one time what my definition of friends and family is. It’s not my Flickr definition of friends and family versus my Live Mesh definition of Friends and Family versus yadda, yadda, yadda.
I have a policy which I assert over my stuff that I control, which is this protected zone in the cloud. And I have some real control over how I define policies over that thing and who gets access to it and on what terms. And I get to audit that access in a coherent way.”
Udell then points out that there are two types of data here:
“So…why…does Flickr bundle together the notion of storage and archiving with the notion of social interaction with my photos?
Those are actually, in my view, separable concerns. I actually should be able to outsource the storage and archiving to some other provider. And in fact, there should be a range of providers that are making offers to me and there should be a sort of tiered set of offering there. Because right now, my digital photos, the stuff I’ve taken on digicams the last 10 years, I feel are less likely to be available to my grandkids than the shoebox that I have on the floor next to me which has photos from my grandparents’ era.”
While Jon’s statement seems silly on the face of it, given that you (in theory) can have as many copies of digital content as you want…he has a point. If you’ve cultivated your photos and access controls in a single service over many years…you really don’t have many copies…you have only one. And without the ability to easily get a copy, combined with the current volatility of Yahoo (Flickr’s co-founders just announced they’re leaving Yahoo), Jon turns what should be a silly notion into a very real concern going forward.
Mozilla’s Brendan Eich responds that to reach Jon’s vision it’s going to “require standardization of things like identity and secure JavaScriptable social network mashups”. This would allow people to use their identity data securely in various contexts, so they can keep their privacy and control intact across services.
Of course, decoupling identity and picture data isn’t necessary to make sure they’re saved for the long term, but it would make them much easier to control and delegate, which would help. If we had standardization for identity data, we could at least create backups (or sync) across services, storing copies for the day that our primary service provider goes dark so we can switch to another one.
But an even simpler way to help get this started, one that we could implement right now as standards mature, would be for all services that store identity data to merely let their users export it freely in already-existing formats. That rainy-day copy might not work with other services yet, but at least we would be able to print it out and store it in a shoebox for safekeeping.
“I have a policy which I assert over my stuff that I control, which is this protected zone in the cloud. And I have some real control over how I define policies over that thing and who gets access to it and on what terms. And I get to audit that access in a coherent way.” - This is a loaded statement, or perhaps the devil is in the details, because despite numerous discussions in the tech blogosphere, I have yet to see anyone or any organization define such policies that work for everyone. I have asked this question before: does it make sense to have a focused effort to try and define privacy standards like OAuth, OpenID, etc. did for authorization and identity?
Bob, this is definitely a loaded statement and something that will play out over years, not months. But I do think that we can give users the benefit of the doubt, trust them, and give them tools to export and share at their discretion, and then fine-tune software over time to make it easier.
@Bob
This topic came up at the Data Sharing Summit and provoked quite a debate. The closest we came to it was that any company or body attempting to define privacy would have the same problems as anyone trying to define relationships; it simply wouldn’t reflect real life.
The only solution that we saw was to allow granular tagging of relationships and content so that privacy controls could be defined by each user, rather than each company. It means that privacy can be as complex or as simple as the user wishes.
I agree, however, that the subject deserves the kind of attention that others such as authentication have received if we are going to really make progress.
@Tony, Joshua,
I agree that this is a difficult problem to solve. While tagging of relationships allows users to define privacy to be as simple or as complex as they wish, without a standard taxonomy that information is not going to be useful IMHO.
I feel that chi.mp is in a unique position to address this issue head-on, especially if the effort has the same level of attention as OpenID and OAuth. I am willing to get something started if some of you guys are willing to participate. Thoughts?
Enjoying the blog, folks. Signed up for an alpha account of chi.mp, and looking forward to meeting Myles at his meetup tomorrow. I vote for a shoebox by default with tools to tag data on my home network or dedicated cloudspace. Those same tools should allow me to share with other networks on an item-by-item basis, right? But, I only want one dynamic user interface, right?
** manage their health records on Health Vault or Google Health. **
what!?! you people in the USA give your health records to Google?
That has to be one of the dumbest things to do. And you probably think it’s a good thing…