‘Uncategorized’ Category Archive

July 7th

Facebook’s Walled Garden Faux Pas

by Joshua Porter  |   2 Comments

Via Kottke comes this embarrassing faux pas for Facebook over on Dave McClure’s blog:

“my former PayPal colleague Yishan Wong, now an ass-kicking, name-taking engineer at Facebook, lays the “Walled Garden” rebuttal smackdown on Kottke, Arrington, et al. you go, Yishan… you just go.”

Problem is, the rebuttal is only visible to certain Facebook users! Here’s what I got when I tried to read the post (and I have a Facebook account and was logged in at the time):

Facebook Faux Pas

Now, the irony of this is almost too much to bear. Getting a permissions wall when attempting to read a rebuttal about not being a walled garden is just, well, something you can’t make up.

But this is a very real problem in identity ownership and it raises a larger question: Do you know who can see what you’re publishing?

It’s doubtful that Wong doesn’t know what walled-garden means. My guess is that Wong is so steeped in the Facebook culture that he’s starting to think that if it doesn’t happen on Facebook, it doesn’t happen. (Of course, I cannot read his rebuttal to hear his side of the story.) Facebook has millions of people on its service, and a lot does happen there. But it’s still a drop in the bucket of what happens on the Web. The fact is that billions of people outside of Facebook cannot read his writing.

A worse scenario would be if Wong thought he was publishing to the rest of the world but didn’t anticipate the wall that Facebook was erecting. So not only is he playing in a walled-garden, but it’s possible that he doesn’t have the ownership over his identity that he assumed he did. I wonder what Wong expected would happen when he published?

This faux pas, while humorous, isn’t really that funny in the big picture. Publishing rights are certainly an important part of identity…who can see what you’re doing and writing is a major issue, not just in social networks but in the Web at large. There are system-level policies and tool options that dictate who can see what, and in this case there was an obvious mismatch between what the owner thought and what the system thought. Too bad.

Facebook often claims that they don’t want to open up because they want their users to know exactly what sort of control (and privacy rights) they have over their data, but in this case even their own engineer doesn’t seem to know the details of the system he’s publishing on. If this sort of thing can happen to a Facebook engineer, imagine how inaccurate the views of us regular folks are.

July 3rd

Do you know where your data is?

by Joshua Porter  |   Comments

A scary story out of the L.A. Times: Social networking site divulges child’s personal data

“Jane Yang, a 30-year-old marketing coordinator, was curious the other day to see what would turn up if she searched for herself on Reunion.com, a Los Angeles-based social networking site.

Sure enough, there was her name, which didn’t bother the Oregon resident all that much. Nor was she particularly troubled that her husband’s name was included under her “Friends & Family.”

What did startle Yang was seeing the name of her 4-year-old son.”

There are several scary things about this story, the least of which is the fact that a 4-year-old’s identity information somehow found its way onto reunion.com’s servers and into public view.

One is that Yang found this information by chance, which suggests that this is only a single case of a much larger problem. Another is that reunion.com’s CEO has absolutely no clue about how or where his company gets information.

“He (the CEO) said he can’t explain how the name of Yang’s 4-year-old son made it online, or where it came from in the first place. In fact, Tinsley said he doesn’t know where much of the data on his site originated.”

The information, it seems, was purchased from a “data broker”, who apparently sold as many as 260 million records (almost the entire population of the United States!) to the site this spring while promising that nobody under 18 would be included.

Whoops.

July 2nd

MySpace’s Allen Hurff @ Graphing Social Patterns

by Brian Oberkirch  |   Comments


Allen Hurff (of MySpace) talks privacy & portability from Brian Oberkirch on Vimeo.

I did a quick interview with Allen Hurff, MySpace technical lead, while we were at Graphing Social Patterns.

July 2nd

John McCrea at Graphing Social Patterns

by Brian Oberkirch  |   1 Comment


John McCrea of Plaxo talks portability & privacy from Brian Oberkirch on Vimeo.

Talked a bit with Plaxo’s John McCrea at Graphing Social Patterns, just before our panel on portability and privacy. You should check out the new show John and Joseph Smarr are doing at TheSocialWeb.tv.

June 23rd

Are shoeboxes better than Flickr?

by Joshua Porter  |   6 Comments

Jon Udell, in a return visit to the Gillmor Gang, shares his vision for a future in which we control our own identity and digital content:

“What I ultimately want is for people to be born and to be given a social security number and to also be given control over some chunk of space in the cloud, some chunk of name space. And for all the stuff that they care about throughout their life to be there, controlled by them, and for the access to that stuff to be syndicated out in a controlled fashion so that…

Just for example, right now we expect people to manage their photos on Flickr and manage their health records on Health Vault or Google Health. And manage this, that and the other on this, that or the other service in the cloud. Right?

And the notion is that each of these things is kind of like this vault that you put your stuff into. And I really would love to flip that model around, and I would love the model to be that I’m me and this is sort of the cloud extension of me. And it has this stuff in it that I put there.

And then I define who has access to it and where that information flows or syndicates to and on what terms. And what that means is, that when I decide that I want to share something to my friends and family, I say one time what my definition of friends and family is. It’s not my Flickr definition of friends and family versus my Live Mesh definition of Friends and Family versus yadda, yadda, yadda.

I have a policy which I assert over my stuff that I control, which is this protected zone in the cloud. And I have some real control over how I define policies over that thing and who gets access to it and on what terms. And I get to audit that access in a coherent way.”

Udell then points out that there are two types of data here:

“So…why…does Flickr bundle together the notion of storage and archiving with the notion of social interaction with my photos?

Those are actually, in my view, separable concerns. I actually should be able to outsource the storage and archiving to some other provider. And in fact, there should be a range of providers that are making offers to me and there should be a sort of tiered set of offering there. Because right now, my digital photos, the stuff I’ve taken on digicams the last 10 years, I feel are less likely to be available to my grandkids than the shoebox that I have on the floor next to me which has photos from my grandparents’ era.”

While Jon’s statement seems silly on the face of it, given that you (in theory) can have as many copies of digital content as you want…he has a point. If you’ve cultivated your photos and access controls in a single service over many years…you really don’t have many copies…you have only one. And without the ability to easily get a copy, combined with the current volatility of Yahoo (Flickr’s co-founders just announced they’re leaving Yahoo), Jon turns what should be a silly notion into a very real concern going forward.

Mozilla’s Brendan Eich responds that to reach Jon’s vision it’s going to “require standardization of things like identity and secure JavaScriptable social network mashups”. This would allow people to use their identity data securely in various contexts, so they can keep their privacy and control intact across services.

Of course, decoupling identity and picture data isn’t necessary to make sure they’re saved for the long term, but it would make them much easier to control and delegate, which would help. If we had standardization for identity data we could at least create backups (or sync) across services, storing copies for the day that our primary service provider goes black so we can switch to another one.

But an even simpler way to help get this started, one that we could implement right now as standards mature, would be for all services that store identity data to merely let their users export it freely in already-existing formats. That rainy-day copy might not work with other services yet, but at least we would be able to print it out and store it in a shoebox for safe keeping.

May 16th

How Facebook is like the Bush Administration

by Joshua Porter  |   14 Comments

Yesterday Facebook, in explaining why they won’t play nicely with Google’s Friend Connect, took a policy directly out of the Bush Administration playbook.

It’s the policy of “we know what’s good for you better than you do”.

So while the Bush Administration dissolves our civil liberties in the name of protecting the country, Facebook is dissolving our ability to share information the way we want to in the name of privacy.

Is this a silly comparison? Maybe, but we are talking about personal identity data here. It’s important.

Facebook’s Charlie Cheever says:

“Privacy and openness go hand-in-hand – as we open up, we have to make sure that users always have control of their information, and understand how and where it’s being used.”

If Facebook truly believed this, then Beacon would never have happened. The double-speak coming out of this company is really astounding. While many millions of people who use Facebook don’t care enough about the company to actually parse this stuff, technologists aren’t fooled in the least.

Michael Arrington has a similar sentiment: “How dare Facebook tell ME that I cannot give Google access to this data!”

What’s worse is that Facebook is being dishonest. They’re lying about the real reason why they won’t allow this. Instead of saying “well, as a for-profit business it’s not in the best interests of our shareholders” they’re trying to have their cake and eat it too by suggesting that Facebook users are in control of their own data.

Are we in control of our own data on Facebook? Hmm…

Was I in control of the data that Facebook was giving to 3rd parties in Beacon?

Was I in control of my news feed data when that feature was first rolled out?

Were the countless people who tried to get their accounts deleted in control of their data?

The answer to all of those questions, of course, is NO. I am not in control of my own data at Facebook, you are not in control of your data on Facebook, and we never have been. Please don’t pretend that I or anybody else has control of our data, Facebook. You’re insulting everyone’s intelligence, even your own.

So forgive me for the analogy, but just like the Bush Administration, Facebook is all spin. It’s too bad what was once a fun, exciting service is now taking its cues from the ultimate spinmeisters down on Capitol Hill.

May 13th

Identity, OpenID and ‘Cognitive Load’

by Tony Haile  |   8 Comments

We are often free and easy with the definitions of those things that mean most to us. We all applaud freedom, and yet often do not take the time to distinguish what kind of freedom we mean. It is the curse of all slogans that they somewhat lose their power when accompanied by an asterisk. Over my next few posts I’d like to look at the wider implications of identity and ownership and unpack the asterisk.

Dick Hardt does a far better job than I ever could here of introducing the multi-faceted components of identity in his OSCON talk on identity 2.0, and if you haven’t seen it, you should. The point is well made that our physical identity is a pretty amorphous term that encompasses any number of different aspects, from our name and passport to the car that we drive, and the same can be said for online identity. For me, however, we can distill the core components of our online identity down to the ABC of Identity:

  • Authentication - I am who I say I am - my OpenID, my usernames and passwords.
  • Brand - My photos, my designs, my words, my friends, my reputation, my choice of services and companies - how I choose to represent myself to the world and how the world in turn chooses to represent me.
  • Communication - How I choose to communicate and the identifiers that I use - my cell number, my email address, my IM handle.

The more coherent my identity is across these three facets, the stronger each individual component becomes. If I want to encourage adoption of a new identity component, my task becomes easier if I can link it to one of the other components. The standard username/password set either links brand (nickname) or communications (email address) to authentication. The key representation of my brand on Facebook or MySpace is strengthened by that profile being linked to my communications: messaging occurs between personal brands.

This has wider implications for consumer adoption of OpenID. One of the key barriers to adoption raised by critics is that for mainstream users the idea of typing in a URL in order to log in to a website is too much. The argument is that the ‘cognitive load’ of typing in a URL is substantially greater than typing in your email/username and password.

However, the cognitive load springs not solely from the problems of typing in a URL (though the complexity of the URL plays a role). The issue is one of emotional rather than cognitive load: the URL as authentication is often totally divorced from the other components of a user’s identity. If, for example, http://johnsmith.myopenid.com has no relation to my brand and I can’t use it to communicate, that URL has little emotional resonance, which means that typing in this random URL to authenticate who I am is less intuitive.

If we really want to see OpenID adoption take off, we should look less at throwing up a multiplicity of buttons to ease the flow and look more at how we can build the links between authentication, brand and communications. This could be done by mainstream brand repositories like MySpace becoming OpenID providers, and myspace.com/johnsmith becoming the place where my brand, communication and authentication come together in one URL that represents the totality of me. Focused OpenID providers like JanRain could build out what are currently fairly bland profile pages to make them more full-featured, strengthening that expression of my brand. One might argue that with LiveJournal, this was the original promise of OpenID. However, we still run into the problems of centralizing your life on a URL that you don’t control.

Domain-centric identity solves this problem to a great extent: If Johnsmith.com is the home for my brand, the domain through which my email and other communications flow (john@johnsmith.com) and OpenID providers provide domain delegation, I can create a flexible, permanent home for my identity centered around a URL that represents me with an experience that no longer feels fragmented or divorced from who I am. Instead of typing in john@johnsmith.com, I am merely typing in johnsmith.com. It does us good to remember that OpenID holds more than the promise of one password, it holds the promise of being one person.

May 8th

How Dopplr teaches us about owning our identity data

by Joshua Porter  |   5 Comments

Most folks don’t think twice about the interfaces they use. They use software to get stuff done, to do work, rarely stopping to consider how that interface is dictating their behavior.

Interfaces are, by their very nature, both enabling and confining at the same time. While they allow us to do some interesting thing, they completely dictate how we must do it. They constrain our behavior, defining a rigid set of allowable actions that we must abide by. If an action isn’t available in an interface, then for all intents and purposes you can’t do it. When an interface designer creates an interface, they are not merely adding features, they are drafting the laws of the land.

Over time, we accept the dictates of our interfaces. We come to align our expectations with the interfaces we use. This was the power of Windows for many years. So many people started using computers that happened to be running the Windows operating system that they never considered there were alternatives. Windows was computing.

Similarly, web-based interfaces have taught us a bad lesson: that we don’t own our identity data. We upload information to a web site and forever forward are confined by the hidden privacy policies that we never read in the first place. Because software wasn’t providing features to get that information back out again, we never thought to ask for it. We assumed, slowly but surely, that this was the way web-based software was supposed to work.

Thankfully, this is changing. Consider this wonderful feature on Dopplr, a site to manage your trips. When you choose to close your account, Dopplr exports all of your data and sends it to you via email, by default. Without you asking. And Everything.

DOPPLR: Exports copy of account data by default

Now, most software doesn’t look after us like this. Most software teaches us that in order to keep our data, we must keep using the service. It’s not even polite about it.

But when Dopplr reframes our world with such a simple feature as this, people notice. Here’s the reaction of someone who was pleasantly surprised to get a data-filled email after they closed down their account:

“(Dopplr) clearly get that the owner of the data isn’t them, it’s me and that I shouldn’t have to jump through any hoops to take my data with me after I’m finished using their site. This sort of attention to detail and user friendliness in something as normally mundane as closing an account is exactly the kind of thing that makes me remember them and want to return to their service”

Kudos to Dopplr for teaching their users what is possible with the data they own.

April 30th

Get Satisfaction’s Nice Import Profile Feature

by Joshua Porter  |   5 Comments

Noticed a nicely-designed element on the Get Satisfaction signup form today.

While creating a new profile, Get Satisfaction asks you if you happen to belong to one of a few sites that serve up hCards (they may be using an API as well). If you do belong to one of the sites, simply enter your username and Get Satisfaction will pull down your hCard and pre-populate your new profile with the information. Nice and simple.

They’ve done several things well with the design, which I’ve annotated in Skitch:

Get Satisfaction Annotated

Very nice interface element. Well done!

Know of any other well-executed identity-related interface elements?