- The Way We Work: Twitter del.icio.us Hack
- Video of Scalable Theming Session from Drupalcon Boston
- Google's Mapping User Experience; Where have you been?
- The Importance of Strategies, Operating Plans & Success Metrics for NGOs
- vi, Drupal Search, and Playa Del Carmen Retreat
- "Breadcrumb" Definition
- Support the Warrior, Not The War.
- Firefox Tip: Changing Default Browser URL Bar Behavior On Click
- DrupalCamp Seattle Wrap Up
- DrupalCamp Seattle Underway
Twitter Feed
RSS FeedGoogle's Friend Connect vs. Your Privacy
Google is announcing Friend Connect tonight, a service advertised to "help website owners grow traffic by enabling any site on the web to easily provide social features for its visitors." Friend Connect employs OpenID and oAuth which is a good start, but how it puts them together is lacking vision and, disturbingly, may raise significant privacy concerns.
Google is a member of the Data Portability Working Group which is working on open standards that tackle difficult issues such as privacy, control and data exposure. Unfortunately, while Google is thus aware of the issues, it has instead chosen to create yet another closed system where the social graph and all of the key connections people make is contained on Google's servers. Friend Connect provides its services in an iframe that makes integration simple - and thus will speed deployment - but limits flexibility. While undeniably powerful given Google's ability to datamine net connections, this is neither open nor user-centric.
In creating Friend Connect Google seems to by throwing its weight around in the social network sphere in much the same way Microsoft does regarding web interface standards. In the latter case, Microsoft - knowing it owns nearly 90% (and shrinking) of the browser market - has the power to disregard internationally accepted web standards with respect to how elements are displayed on the page, causing headaches for web developers building to the standards. Similarly, Google - knowing it owns a huge (and increasing) amount of link data - has the power to create seductive services that sites will use while disregarding community-developed best practices that support full user control over how, when and with whom data is shared.
I have to close with a disclaimer that all this is speculation upon what I've been able to discover so far with respect to Friend Connect which, as of this posting, has not yet been released and thus not reviewed. One can hope that they listen to the organizations of the Data Portability Working Group and the privacy concerns they are working to address.
- fen's blog
- Login or register to post comments
- Delicious
- Digg
- Technorati
I think Fen's got a real point about the privacy implications of a closed system like Google's apparently proposing. To be honest, I don't know if it's open or closed, or what the ramifications of their API might be. To me, though, there's juice for me in seeing the OpenID standard (and the Open Source meme in general) spread to the "non-trivially significant" Google userbase.
Google jumping into the social network pool is huge, I know, but the impact it'll have for wider-spread adoption of OpenID and general standards of openness and privacy are big, too.
Whether Google's FriendConnect succeeds then subsumes and replaces network nodes like Facebook or Yahoo remains to be seen. I rather doubt it though.
PDF was a proprietary standard and I remember fears about Adobe owning the file format. But now it's more or less an open standard. I don't see why the same thing couldn't be a possibility in the future with Google, too.
Anyway, to me, it is simply the evolution of social networks from bbs's to online services to myspace, then facebook, then Google, then someone else... We don't know what the future will look like, but we will be connected!
That is not in anyway to dismiss the concerns about privacy Fen pointed out. I think his observations are worth nothing. And in fact, are at a critical point - once the data's out on the pipes...
At the end of the day, though, the OpenID standard is growing and OpenSocial presents an open standard for data sharing and control (s far as I can tell). All sounds pretty good to me, threat from Google notwithstanding...
Here at CivicActions, we provide web services using free and open source software and open standards (that we have to bend sometimes to be compatible with Microsoft). This is a good for our clients not only because the software is less expensive and often better tested (by throngs of open source developers), but also because it offers what we like to call "zero lock-in" for our clients. That is, since none of the code is proprietary and it is all freely available, if the client ever decided they didn't like us or they found a better deal elsewhere, they could easily take their data and go somewhere else. In fact, we'll help them with the migration away from us (charging them our normal hourly rate, of course).
Online (digital) identity is a very personal thing. It incorporates not only a person's authentication credentials, but also their personal profile information as currently collected by each of the web service providers they visit. Collected together - and over time - this SuperProfile contains a lot of very valuable information that is currently entrusted to the various service providers that collect it. More importantly, it is not available to the person who created it. For example, Amazon can't make recommendations using knowledge of the books you bought at Barnes and Noble, and you can't take your MySpace friends over to Friendster. This is one of the ways Myspace "locks you in" to their offering.
A primary goal of the OpenID community is to provide user control over personal data. We call it user-centric digital identity. While Google's Friend Connect will help bring many of the features the OpenID community is aiming for (such as sharing of one's friends across sites) they are poised to maintain control over the connections. So Google will own the SuperProfile, and lock people in to their available services. This is extremely valuable information, and Google (as a business) is smart to jump on this as another primary goal of the community is to find ways to make money using these exciting new identity tools.
But I have to ask: at what cost? If we're just replacing distributed control of user identity with centralized control, is this what we want? I believe there are many more ways to monetize personal profile information when it is truly user-centric, but for that to happen, the current infrastructure must change. I believe it will change from the grassroots - from communities of like-minded people wanting to share information so that they can more effectively work for the causes they believe it, whether it's global warming or better child care. But when companies like Google jump in and provide enhanced services to existing large communities in exchange for control of peoples profiles (that they've never had control of anyway) they will be able to make a lot of money and people won't even notice the doors shutting on their freedom.
It's the Prisoners Dilemma in yet another form. If we all cooperate, we'll own our own profile data and service providers will be able to ask for and receive (perhaps anonymized) deeper and better quality data so that they can then provide their user community with the best possible services. But if a play defects (as Google is appearing to do) then one organization gains great benefit while the rest of us are locked into a rose-colored world of good services but no freedom to choose how our data is used.