Blogs as Personal Aggregators

Om blogged some thoughts after 12 years of blogging and came to the conclusion that one’s blog is one’s digital home. It is not only where you start new conversations, it should also be where you aggregate and archive the fruits of conversations you participate in out on various social web platforms.

And while I embrace every new social platform with gusto, I find it frustrating that my point of view is spliced across various networks. I think the blog is the one that ties it all together — a central location where you fit together all the Lego pieces.

– Om Malik on the role of blogs, In 12 years of blogging, the more things change, the more they stay the same

Most blog platforms support widgets which can bring in streams of your updates from various services. It started with flickr, delicious, and last.fm but soon all the other social services joined in. Twitter widgets are the latest incarnation of the sidebar social widget which you can install today.

Before Facebook arrived to suck out all the oxygen from social aggregator services there were a number of services, most famously FriendFeed, which would pull in all your updates from across the web on to one page. MyBlogLog was another.

While I was working with the MBL team we were hard at work pushing forward the aggregation feature but with one unique twist. While you could go to your MBL page and see anyone’s profile along with their newsfeed (we called it “New with you”), we also gave you the option to grab the javascript that let you run this widget on your site as a “full page widget”

MyBlogLog Full Screen Widget
MyBlogLog full screen widget configuration page

 

I have yet to see a suitable replacement for this code. I run a plugin called Social Stream on my site but it’s doesn’t quite do the trick. Efforts such as the Locker Project and it’s hosted cousin Singly seem to have lost momentum.

The web is a collection of digital artifacts. Text, photos, sound files are by-products that are digitized and indexed. We use search engines to locate these artifacts but no one has built a way to tie all these artifacts back to their owner. Until you tie the collective digital artifacts of a person together in a unified way and follow it over time, you don’t really know that person.

I’ve written about this before but the pendulum swings back and forth between the convenience of social networks on the one hand and the independence of owning your own domain/blog on the other.

Which Network do I Use?

  • Instagram Direct vs. Snapchat
  • Facebook vs. Twitter
  • AIM or Yahoo Messenger or MSN Messenger

Once the commoditization of the latest communication protocol has proliferated, the pressure to consolidate identities pushes the updates to a neutral platform which is always the blog.

This is why I always maintain my own domain and host my own archives. Everwas.com is a digital representation of my life, my virtual self. I have posts about my marriage, my children, my career, observations on places I’ve lived – all other matter of stuff. It’s too important to put under another brand’s name, it’s too precious to be held ransom by anyone’s monetization strategy.

Go ahead, play around with the latest social shiny thing but be sure to save the best for your blog. You’ll be thankful you did.

Further reading:

 

#indieweb

Chris Poole on Identity

Chris Poole (4chan, canv.as) spoke about identity at the Web 2.0 Summit going on right now in San Francisco. Many point to his talk as the most impactful and thought-provoking.

Facebook and Google do identity wrong, Twitter does it better, and I want to think about what the world would be like if we did it right.

Facebook and your Contact Info, a Proposal

Facebook just announced that they are suspending a previously announced expansion of their API allowing third party developers to request access to a user’s address and phone number. Some history and a modest suggestion follow.

When Facebook announced Facebook Connect in 2008, Dave Morin wrote about a concept he called Dynamic Privacy. Facebook Connect would let developers to access your profile but data retention policies required developers to flush this cache of data and refresh it every 24 hours. This way, Facebook could  guarantee your data would not only be current but also deleted if you decided to revoke an application’s permission to access your profile.

Since then, Facebook’s data caching policies have been relaxed. With every Facebook platform developer hitting their servers for a data refresh every 24-hours you can imagine the impact this had on the Facebook infrastructure. In April 2010, Facebook announced that the 24-hour data caching policy would be removed. Developers rejoiced. Facebook operations could relax again. But, for users, the promise of Dynamic Privacy was no more.

Fast forward to last Friday’s announcement that Facebook would allow developers to ask for access to your profile Contact information such as home address and phone number. Without Dynamic Privacy, an application could ask for access to your contact information and keep it. One stray click could give out some very personal data.  There’s no way to opt out of giving out this information in error. No way to put your phone number or address into a special bucket that is locked down to all but a handful of mobile or shopping applications that would be greatly enhanced with access to your phone number.

Rules-based Privacy

Is there a way for Facebook (or any service) to grant access to information provided the conditions under which I grant this access are maintained? How can Facebook ensure that anytime I delete my information it will also be removed from any sites that ever had access to this info? What if I store my private information with a site such as threewords.me which, after only a few weeks in play, is auctioned off to the highest bidder? Is there a way to require the eventual new owner to re-acquire permissions to my contact data. The Facebook Platform Policy currently states:

You will not sell any data. If you are acquired by or merge with a third party, you can continue to use user data within your application, but you cannot transfer data outside your application.

My reading of this is that the new owner of threewords.me can use the data as long as it is used in conjunction with the operation of threewords.me. This includes any future features added should they improve the site to meet their needs. In 2008, the passage of 24-hours required a data refresh, in 2011, at a minimum, legal change of control should do the same. The Platform Policy further states,

You must not give your secret key to another party, unless that party is an agent acting on your behalf as an operator of your application. You are responsible for all activities that occur under your account identifiers.

What if the statement was re-written so that an application’s secret key can never be transferred? Any new owner of an application could run it using their own secret key but it would kick off a refresh of all requested user data. This request could be sent out as via a notification on Facebook Messaging or an alert that would appear the next time the user tries to use the application or web site. Maybe this is already the case but it would be better to state this clearly.

So my modest proposal to bring back the original intent of Dynamic Privacy is,

  1. Revision of the Facebook Platform Policy to clearly state that change in ownership would require re-authorization of grated user permissions.
  2. Enforcing limitations on transferring application secret keys by tying each key to verified named accounts only. An example of this is how domain names are tied to an administrative and technical contact who are legally and technically responsible for activity on that domain.
  3. Requiring all applications to support the Deauthorization Callback and extending it with an API call that is authorized to overwrite or remove data on the 3rd party server. All domain-name root servers are given the ability to update the hosts file information on their downstream servers. Might a similar root server role be appropriate for Facebook as the provider for your private data stored on all downstream applications?
  4. The option for users to place personal data into a more secure area which would require more than a single click to grant access.  Something that requires two step authorization and sends me a confirmation email informing me that this access has been granted.

The best way to build up trust is to put in place features that give users control and the option to take something back. These are the post-lunch ramblings of an observer. Please correct me if what I’m suggested is crazy talk!

Raindrops and Private Clouds

Before Christmas I posted about the possible break-up of clouds.  For the past 5 years or so, the usual suspects such as Yahoo, and Google, and more recently Facebook and a re-vitalized AOL have been sucking up smaller collectives of socially active sites in search of rich pockets of user engagement.

Clouds are an apt metaphor because we’re reaching a time when some of these large, ad-supported clouds are getting too heavy and are starting to look for ways to offload sites which don’t monetize by either shutting them down or selling them off. Think of the threat late last year to shut down delicious.com as the first cloudburst which resulted in a shower of users taking their data fleeing that cloud in search of a new home.

FourSquare announced that they’ve added photo uploads to venues for their check-in service.  This leads me to ask, why they make me upload new photos for places I’ve been. I’ve got year’s worth GPS-encoded of photos sitting on Flickr. 4Sq can cross-reference the location and time stamp on my photos, match it up with my check-in history and get a bunch of photos for venues right away.

Why doesn’t FourSquare let me push in photos from my Flickr account? Are they worried about mis-matches? They could use a little Machine Tag foo and let me select which photos to link to a location. Most likely it’s just a pain to build a connector. Better to start over and build up your own dataset right? It’s cleaner, more current, and they avoid the legal hassles of having to partner with Yahoo, much better to own the data right?

The nagging problem about tying venue photos to images hosted on another cloud is that it opens 4Sq up to dependencies. Do they really want to rely on flickr to host their venue photos? Not only do they lose  editorial control over those photos and if a photo turns out to be offensive or violates some kind of copyright, who is at fault? FourSquare? Flickr? Yahoo? Most likely you’re going to have to cut some kind of deal which means the Biz Dev guys have to get involved. Contracts, SLAs, a big pain which limits your options in the future.

Tim O’Reilly posted a while back that the tendency of Web 2.0 companies is to monopolize their vertical to secure control and cut dependencies:

One of the points I’ve made repeatedly about Web 2.0 is that it is the design of systems that get better the more people use them, and that over time, such systems have a natural tendency towards monopoly.

If big companies get too protective of their data and the legal hassles around free exchange of data make it harder for consumers to connect their data in these clouds together, we’ll all be forced to either throw our lot into a single cloud which gives us the most complete suite of connected services (facebook or google) or risk tenuous connections in search of our own, best-of-breed solution.

Consider the alternative. Consumers hosting their own data. Check out Pogoplug, this neat little service that sticks an ethernet port into the back of a external hard drive that sits on your desk and connects directly to the Internet, turning that hard drive into your own little “private cloud.”

What if your Pogoplug held all your photos, blog posts, status updates, scrobbling history, and other lifestream detrius? You can stream it out the back and use it to feed flickr, facebook, and your other favorite caching layers where people can view it. Again, I’m not suggesting you serve up to the internet at large via this little box on your desk, that would be madness. Just have all or originals there and use your favorite social network, photo/video/link sharing service as the copy that feeds your fans. The important point is that the source, the seed for all these large clouds to which you syndicate, is under your control.

If a shiny new photo-sharing startup catches your eye you can give it a shot by forking off a feed of your photos to it’s API endpoint and get started with a collection of your own stuff on their service. No need to export from old photo-sharing site to this new one, you’ve got the raw data sitting on your “private cloud” and can start with a clean copy of your entire archive.

For further reading, there’s a healthy thread between Jeffery Zeldman, Tom Henrich, Jeff Croft, Tantek Çelik, Kevin Marks, Glenda Bautista, Andy Rutledge and others about the methods, and even necessity of hosting your own data. Tantek, for one, has put his money where his mouth is and is busy writing software and pushing this vision.

I’m building a solution, bit by bit. It’s certainly incomplete, and with rough edges (Jeffrey has pointed out plenty of the areas that need work), but iteratively improving as I find time and inspiration to work on it.

I’d rather host my data and live with such awkwardness in the open than be a sharecropper on so many beautiful social content farms.

This is what I mean by “own your data”. Your site should be the source and hub for everything you post online. This doesn’t exist yet, it’s a forward looking vision, and I and others are hard at work building it. It’s the future of the indie web.

Tantek.com, On Owning Your Data

If this kind of stuff interests you, check out IndieWebCamp in Portland this June.

Back to Blogging?

Paul CarrThnks Fr Th Mmrs: The Rise Of Microblogging, The Death Of Posterity

by constantly micro-broadcasting everything, we’ve ended up macro-remembering almost nothing.

Leo LaporteBuzz Kill

I was shouting into a vast echo chamber where no one could hear me because they were too busy shouting themselves. All this time I’ve been pumping content into the void like some chatterbox Onan. How humiliating. How demoralizing.

Seth GodinMoving On

It took a year or so, but I finally figured out that my customer wasn’t the reader or the book buyer, it was the publisher. If the editor didn’t buy my book, it didn’t get published.

Paul Carr has pulled back on all social media outlets except his twitter feed. He writes for a living and wants to maximize the value of his writing and own a more complete, thoughtful record of his life.  Leo Laporte realized as that despite early indications that social media amplifiers such as Twitter or Google Buzz are great for building awareness, it’s not so great when everybody is too busy shouting their own message to listen to yours. And Seth Godin is giving up on traditional book publishing and will now use his blog to directly communicate his ideas.

People are re-examining the blog as a place to record your thoughts and communicate directly with an audience. In the case of Paul and Leo, the failed filter is a transient third party social network feed and the associated black box algorithm of Re-Tweets, Likes, or Favorites. In Seth’s case, failed filter is the “fundamentally broken”  architecture of the publishing industry.

Are we seeing a trend back towards the digital “long form” blog post as the happy medium (pun intended)?

Internet OS – an Update

Long post by Tim O’Reilly on the current state of the Internet as an Operating System. Many key developments that see this idea coming together and Tim connects the dots in a compelling way to complete the picture. The key piece for me is Social. The Internet OS still does not usefully recognize that we have multiple social graphs that depend upon application and context. Current solutions such as Facebook Connect currently assume a universal “friend’s list” which doesn’t address this subtlety.

Whoever cracks this code, providing frameworks that make it possible for applications to be functionally social without being socially promiscuous, will win. Platform providers are in a good position to solve this problem once, so that users don’t have to give credentials to a larger and larger pool of application providers, with little assurance that the data they provide won’t be misused.  (Emphasis mine).

This is a key problem that needs to be solved. Location-based services and mobile devices are pieces of the puzzle but more synapses are needed to make it work effortlessly.

Dating Site Profile Pics

The dating site okcupid.com published a fascinating study of their member profile pictures to validate and debunk what makes for an attractive profile picture, one that generates conversation and interest which is important if you’re on a dating site.

clothes

Some of the findings:

  • Smile for the camera if you’re a girl. Guys do better if they look away, be the man of mystery.
  • Despite what most think, the self-posed MySpace shot is the single most effective photo for women. The poor quality of the cellphone in mirror more than made up for my the sense of intimacy.
  • Ab shots (“headless horsemen”) for men are successful in youth but fall off quickly as you get older when I suspect it gets kinda creepy in an ex-con way.
  • Cleavage shots for women are always a hit and actually do more for older women than young.

This is a dating site and they measured effectiveness on number of conversations. People are looking for love here so they are going to emphasize certain things about them. Furthermore, there is no correlation to what is in their photo and what they write on their profile. I would love to see a similar study done on profile pics on a regular social networking site such as facebook or twitter.

What does your profile pic say about you?

How does OpenSocial map identities?

I’ve been pouring over all the commentary on yesterday’s announcements of Google’s OpenSocial initiative. I’ll reserve judgment until the MyBlogLog team has had a chance to check out the documentation to see what’s possible. One open question I have is the one raised in this post by Dan Faber about the GetFriend call,

MySpace CTO Aber Whitcomb’s MySpace profile incorporates a widget from Flixster that shows what his MySpace friends think about certain movies. In order for that to happen, MySpace must look that information up in Flixster and the question I basically had was “How does the process know how to map a MySpace identity to a Flixster identity.”

This mapping is key. From what I can see in the API docs, you need to look up each person on a service and get back a service specific list of that person’s friends on that service. For example,

http://orkut.com/feeds/people/14358878523263729569/friends

This gets you a list of all the friends of this person on Orkut. This gets back a list of member IDs specific to Orkut. These member IDs can be used with the fields populated by the service to retrieve things like,

  • Display Name
  • profile url
  • email address
  • IM handle
  • phone number

This is what I glean from the API Reference doc. There is also another field called gd:extendedProperty where each service can put their own, service-specific information but it is not clear if this will extend to include a unique identifier that can be used to map a “John Smith” on one system to a “John Smith” on another.

So in order to make something like a flixter module work in a MySpace page to show what your MySpace friends are doing on Flixter this is what happens,

  1. Login into MySpace
  2. Have Flixter module lookup your MySpace friends via OpenSocial
  3. Have OpenSocial return a list of your MySpace friends with their OpenSocial numerical identifiers
  4. Parse the response for unique identifiers that you can use to lookup a list of Flixter users via OpenSocial
  5. Figure out which of the responses that are returned are, in fact, the same people on your MySpace friends list

Again, how do I make sure that “John Smith” that is on my MySpace friends list is the same “John Smith” I get back from Flixter? What if 20 “John Smith” records are returned? Which one do I present? I can double check email addresses but that can no only be easily spoofed but also the email address I use on MySpace might be different from the email address I use for Flixter.

MyBlogLog Services TabThis mapping is key. MyBlogLog has a Services tab on each members’ profile (click on graphic for a larger view) where members can enter all their identities on different social networks. This was built as a simple locater service because MyBlogLog members like to find each other where ever they hang out. MyBlogLog could be this mapping table but, as it’s built right now, there is no authentication to prove you own the profile you put into the table (other than Facebook) so we’d have to build that authentication layer in.

Maybe this is where OpenID comes in? Can OpenID serve as the unique key that ties this all together? Why weren’t they part of the announcement? This seems like a key bridge that needs to be put in place before all the pieces work as advertised. Am I missing something?

Update: Bob Warfield posts that Google ID is the recommended key to tie everything together via something called AuthSub. I sure hope this isn’t the only mechanism going forward. This brings us right back to a centralized, shareholder-owned, authentication service which isn’t very open.

Squitters

Some internal discussion here on people that grab brand name Twitter handles so they can later sell them to the highest bidder. Like the domain squatters of old. Remember Joshua Quittners mcdonalds.com stunt? Yahoo colleague Ryan Kuder came up with the term.

squitter n. an individual who grabs a brand name twitter handle for future profit.

Let’s see how long these stay open:

http://twitter.com/mcdonalds is taken.

Pitching for the Yankees – “Ian-Kredible”

Ian Kennedy makes the cover of the New York Post

So I’ve been following my doppelganger’s budding baseball career ever since he first blipped up on my Technorati feed as a hot prospect for the Yankee’s draft last Summer. I’m super-pleased to see that the young Ian pretty much aced his debut as a pitcher against the Devil Rays and has earned himself another start in the next five days or so. Out here in California we don’t get the Yankee’s games on TV so I unfortunately couldn’t see him perform but according the the write-up in the NY Post;

Kennedy allowed three runs – one earned – and five hits in seven innings and earned himself another start, Joe Torre said. Kennedy struck out six – after one, the scoreboard flashed, “Ian-Kredible” – and walked two, throwing 66 of his 96 pitches for strikes.

Not bad at all – way to uphold the name!

UPDATE: Further coverage:

This Guy Ian Kennedy was Born Ready – 23 family members and friends made the trip to NYC to see him play.

Joe Torre post-game interview – “the kid has real poise”