You are currently browsing the monthly archive for February 2009.
Who owns your data? Should there be DRM on the content/data you share with others? What happens to your stuff when the service you shared it on has a catastrophic failure? These and other questions of sharing user-generated content are discussed on the latest episode of The Social Web TV, as Chris Messina, Joseph Smarr, and John McCrea welcome special guest, Larry Halff, of the fallen (and soon to rise again) community and social bookmarking service, Magnolia.
In my most optimistic moments, I think about how all this social media stuff (like Twitter, Facebook, blogs, and aggregators like Plaxo and FriendFeed, and more), which so many dismiss as a waste of time, is really paving the way to making us all smarter. Here’s an example of that.
When I was an undergraduate at M.I.T., my social network there connected me with an alum, Bob Kerns. I really liked Bob, and we had some great interactions, but our paths diverged, and I lost track of him. Then, a few weeks ago, we reconnected via social media, in this case on Facebook. As a result, we’ve been exchanging thoughts, and recently he posted so many pithy comments, that I encouraged him to transform them into a blogpost.
He did, framing it as a response to my last post, and I found it fascinating. One thing I particularly enjoyed was that he makes reference to having been “on the Internet since 1972″! I think my readers will enjoy his post in its entirety, so I will link to it here. Please consider: Minority Report: The Facebook Copyright Controversy: I See 404 Pages.
This provides some interesting perspective on what it means to post stuff online.
I am pleased to see a major shift underway in the prevailing thoughts on one of the most important topics relating to data portability, interoperability, and the emergence of the Social Web — the question of whether the service providers need to protect us with “social DRM” or trust us to do the right thing. Microsoft’s Dare Obasanjo has an excellent post on the topic, outlining the two schools of thought, and publicly declaring that he has shifted sides in this critical debate:
The issue of what to do with content a user has shared when they decide to delete the content or attempt to revoke it is in an interesting policy issue for sites geared around people sharing content. When I’ve discussed this with peers in the industry I’ve heard two schools of thought. The first is that when you share something on the Web, it is out there forever and you have to deal with it. Once you post a blog post, it is indexed by search engines and polled by RSS readers and is then available in their caches even if you delete it. If you send an inappropriate email to your friends, you can’t un-send it. This mirrors the real world where if I tell you a secret but it turns out you are a jerk I can’t un-tell you the secret.
The other school of thought is that technology does actually give you the power to un-tell your secrets especially if various parties cooperate. There are ways to remove your content from search engine indexes. There are specifications that dictate how to mark an item as deleted from an RSS/Atom feed. If your workplace uses Outlook+Exchange you can actually recall an email message. And so on. In the case of Facebook, since the entire system is closed it is actually possible for them to respect a user’s wishes and delete all of the content they’ve shared on the site including removing sent messages from people’s inboxes.
I used to be a member of the second school of thought but I’ve finally switched over to agreeing that once you’ve shared something it’s out there. The problem with the second school of thought is that it is disrespectful of the person(s) you’ve shared the content with. Looking back at the Outlook email recall feature, it actually doesn’t delete a mail if the person has already read it. This is probably for technical reasons but it also has the side effect of not deleting a message from someone’s inbox that they have read and filed away. After all, the person already knows what you don’t want them to find out and Outlook has respected an important boundary by not allowing a sender to arbitrarily delete content from a recipient’s inbox with no recourse on the part of the recipient. This is especially true when you consider that allowing the sender to have such power over recipients still does not address resharing (e.g. the person forwarding along your inappropriate mail, printing it or saving it to disk).
And, as he points out, Dare is not alone in this shift. Mark Zuckerberg and the team at Facebook clearly appear to be shifting stance as well. In his epic post On Facebook, People Own and Control Their Information, in response to the confusion over the update to the Facebook TOS:
Still, the interesting thing about this change in our terms is that it highlights the importance of these issues and their complexity. People want full ownership and control of their information so they can turn off access to it at any time. At the same time, people also want to be able to bring the information others have shared with them—like email addresses, phone numbers, photos and so on—to other services and grant those services access to those people’s information. These two positions are at odds with each other. There is no system today that enables me to share my email address with you and then simultaneously lets me control who you share it with and also lets you control what services you share it with.
We’re at an interesting point in the development of the open online world where these issues are being worked out. It’s difficult terrain to navigate and we’re going to make some missteps, but as the leading service for sharing information we take these issues and our responsibility to help resolve them very seriously. This is a big focus for us this year, and I’ll post some more thoughts on openness and these other issues soon.
Some of us tried to get this debate started in September of 2007, with the publication of the Bill of Rights for Users of the Social Web, by Joseph Smarr, Marc Canter, Michael Arrington, and Robert Scoble. In hindsight, the world was not yet ready for that debate; few took notice, and no actions came in response. Then, in January of 2008, when Plaxo was trying to get a Facebook contacts importer ready to launch, which would have enabled social address book sync between Facebook, Plaxo, Outlook, the Mac address book, Yahoo Mail, and more, it turned by accident and miss-communication into a major incident. By then the world was ready to argue and debate the key questions, but not ready to come to any consensus.
But over the course of 2008, projects like Google Friend Connect, Facebook Connect, MySpaceID, and the quickening drumbeat of progress for OpenID and the Open Stack helped the industry to think through the issues preventing data portability and interoperability. In the end, we’re all coming to realize that rather than try to prevent anything bad from ever happening via “social DRM,” we’re going to have to trust our users, so that we can enable amazing things to happen — like all your tools and services working well together!
The Social Web will be the biggest transformer/disrupter since the birth of the Web itself. What if you applied “social” to the relatively staid world of online posting of jobs? Plaxo gave its answer to that question today, with the launch of “social job listings” in partnership with Simply Hired. [Reminder/disclosure: I work at Plaxo.]
Wired’s Michael Calore did a great writeup on the news: Plaxo Debuts New Job Search Service for ‘Viral Hiring’
IMHO, the official Plaxo post I wrote on the announcement deserved more attention (but I’m biased), so I’m including some of it here (and linking to it, of course):
This is a great time at Plaxo. In 2008, we had triple-digit growth in all of our key metrics, including new users, monthly unique visitors, and pageviews. We increased our network density, with the number of connections in our next-generation social network skyrocketing from 2 million to over 30 million. We got acquired by a stable, profitable, and growing company, while remaining an independent business unit, resourced for growth. (We’re hiring.) And, we’re making great progress at becoming a vital social utility for one of the most valuable demographics: post-college professionals.
But, of course, we are well aware that most companies out there are in a different position, and that our members are confronting a deepening recession, rising unemployment, and decreasing job security. It is that sobering reality that inspired us to come up with a better way to connect job seekers with career opportunities, working together with Simply Hired, the largest job search engine, to introduce “social job listings” on Plaxo.
For users in the U.S., we’ve rolled out a new Jobs section on Plaxo, where hiring managers and recruiters can post new job listings, and where job seekers can browse or search postings from across the Simply Hired network. But jobs posted on Plaxo aren’t like job listings anywhere else; job listings on Plaxo are turbo-charged with the “social power” of your extended network.
What do you think? I, for one, am curious to see if this new form of job listing can bring greater efficiency to the now-more-than-ever important process of connecting job seekers with career opportunities. If you’re a Plaxo member and see a job listing shared with you, please consider “paying it forward” and re-sharing it to your network. Thanks!
A new episode of The Social Web TV just went up, “An Open Discussion with Facebook”. Chris Messina, Joseph Smarr and I welcome special guests from Facebook, Dave Morin and Luke Shepard. We recap the historic OpenID UX Design Summit, including what some are calling the “92% Demo” of the Plaxo/Google two-click signup experiment
.
I’m at Facebook headquarters in Palo Alto for the OpenID Design Summit that was announced last week along with the big news of Facebook joining the OpenID Foundation. I’ll be blogging it with photos and words, as I have at previous Open Stack events. The event starts at noon, and Facebook is live streaming it via Ustream. Folks are beginning to arrive. I see representatives from Facebook, MySpace, Google, Microsoft, Yahoo, AOL, PayPal, Plaxo, Six Apart, JanRain, and Vidoop. Isn’t it great that all of these companies can work together in the open toward a common goal that is good for the web?
Luke Shepard and Dave Morin kicking it off. “The core problem we’re trying to solve is the user experience for OpenID,” says Luke, who is Facebook’s representative to the OpenID Foundation Board.
Julie Zhuo from Facebook’s user experience team is our first speaker, talking about Facebook Connect’s approach to making the experience something users can understand. How can the user understand the value? Value: Skip filling out this form or having to register if you have a Facebook account. Showing CitySearch, citing that Facebook logo is present in the UI, but acknowledging the scalability issue (number of options, logos). What is the relationship between the RP and the OP. Problem: we want to message “Hey, these two sites are going to be tied togethr somehow.” Because the popup design was so simple, we could port it to the iPhone easily. What’s being shared? Instead of describing in text, an illustration of the two sites, with arrows representing flows of sharing. Simplification is a big theme of Julie’s talk. Philosophy: keep the first screen really simple; delay deeper stuff (like extended permissions) to later flows, in context. As a community, we need to figure out how to message and simplify. Showing auth screens for various providers. Can we simplify? Can we standardize?
Next up is Max Engel of MySpace. Sharing results of testing of OAuth, OpenID, and a hybrid of the two. First, OAuth by itself. An arrow linking AOL and MySpace was found to work better once the MySpace logo was moved from the right to the left, as users thought it meant something different when it was on the right. People were generally comfortable, but the experience was not always what they expected. OpenID standalone tested with Yelp (with hacked HTML, not fully working code). Users were confused. “When ‘open’ was in the term, people had security concerns,” says Max. Another confusion point, “When we gave hint URLs, people tried putting those in, instead of their own.” People felt less secure in the logged in pop-up than the logged out pop-out. Point of confusion in Yelp example: user logs in with a MySpace URL but was then prompted to create a Yelp URL.
Max continues. OpenID/OAuth Hybrid test was done using Netflix. Big security concerns, perhaps made worse by the commerce aspects of Netflix. Nice user quote, “Once you see it and once you get it, it seems really innovative and useful.” Users liked the hybrid experience in general. Tested “granular scoping” with lots of choices. This was the “crowd favorite” but no one missed it when the choices weren’t there.
Next, Brian Ellin from JanRain (says he doesn’t have a Twitter account; gasp). About to give a history of OpenID interfaces. “The benefit of OpenID? Sign in with an account you already have.” Most users (78%) have not heard of OpenID. Brian is showing what people have been typing into OpenID sign-in boxes. OMG, “elderly,” “I HATE YOU LADY GAGA,” “Hotmail,” their email address, or far to common: nothing. This is great. Showing all different UIs. Some that show canonical examples. Interactive versions, like TypePad’s, idselector, Clickpass, and MapQuest.
Now on to OpenID 2.0, where you can input provider, like yahoo.com. Showing brand power, with results from RPX. The demographics of the site shift the mix of which providers users choose for signup. Showing RPX and Plaxo ui now. Max Engel asks if JanRain has metrics for dropoff between the RP and the OP. Brian says not yet. I whisper to Max, “Stay tuned.” (As I know that Joseph Smarr of Plaxo has that in his presentation, coming after lunch.) Brian points out two key observations:
1) Brand selectors are good at letting users express preference, but at the time of choice, user has no idea which OpenID experience will be better.
2) Knowing which one the user chose, allows that brand to be more prominent in subsequent signin.
3) Once you add a button to your interface, you can never remove it.
Google is up next, with Eric Sachs, Breno de Medeiros, and Dirk Balfanz. Not sure if all will talk, but they’re all working to set up a demo. While we wait, I observe that almost every laptop in the room is a Mac (including mine). The Google team is going to demo the OpenID Popup that they released yesterday. Ooh, that is sweet. Love the “smoky” background. Can’t wait to roll that into the Plaxo/Google hybrid experiment! Funny quote, “If you have good feedback, channel it to Plaxo, who will beat us up.” 
Interesting question about the consent page. Has Google experimented with granular permissions, vs. having all the items consented to at once? “Yes. It was horrible,” says Eric Sachs. “People cursed at us when we did it one by one. They want it in a single step.” Wow. Important insight.
Next up, Joseph Smarr of Plaxo. Hilarious intro. (I’m biased.) “Hi! I’m Plaxo, and I’m in an open relationship with all of you. But it hasn’t always been easy. Sometimes it’s been confusing. And you haven’t met all my needs (for user data). By lately I’ve been spending a lot of time with…Google.” (Lots of laughs). “Experimenting with a new technique, that leverages more of the Open Stack.”
Joseph described the exeriment Plaxo and Google did, using hybrid OpenID/OAuth plus Google Contacts. Trying to prove that Open Stack onramping can be strictly better for all parties than traditional registration flows via a two-click signup.
Demo just went *great* and we’re looking at the final step. After the onramping, the new user is shown an “education lightbox” reminding the user where to look for the “sign in with Google” link.
Now, to the results. Drum roll, please. But wait! The RP/OP round trip, a.k.a “the Chasm of Death.” Asking the audience to guess the percentage of people who would survive. The crowd guesses 35%, 45% , 50%. The real answer is 92%! The crowd is wowed.
That means we lose 8% to the chasm of death. Of those that return, 8% choose “no” to the Google account signup option/consent. 92% say yes and automated address book import. Joseph says, they get higher conversion rates, higher import rates, more connections per user, and no drop-off in return visits.
“In other words, our business guys won’t let us turn off the experiment!”
Joseph says, “This is an historic movement. I’ve been evangelizing this stuff for two years, but all of the experiments before this were worse for our business. This is no longer about selling this as good for the web. This is about the Open Stack being measurably better for your business than traditional registration.”
Here’s Joseph’s presentation.
We’re back and Chris Messina of Vidoop and the open community at-large is up, sharing views about various contexts that OpenID will need to survive and thrive in, including web, mobile, desktop, API, and headless. Now, Chris is walking us through various OpenID UIs, pointing out points of confusion, also showing alternatives with better user experience. I’ll add a link to his slides when I have it.
We’re going to breakout groups now. One for Relying Party concerns, one for Providers. I’ll let the working sessions proceed without live blogging. I’ll return to the task when the groups convene to share results.
Update: ReadWriteWeb wades in on the implications of the Plaxo/Google experiment.
Summary from the OP breakout
Julie is talking. Agreement on popup as the way two go; two states: signed in or not. Have a high-level outline. Next steps real wireframes. On the white board now. Site name at the top. Below that something illustrating “what is happening”. Below that Options. Then ID and password (for not signed in). Legaleze, preferably small. Below that Okay or Cancel. Second step (optional) for getting access to more data. What’s interesting to me is it sounds like the OPs ended up with strong consensus about key elements. Max Engel from MySpace adding commentary, along with Angus Logan of Microsoft, and now Allen Tom of Yahoo. Consensus = goodness here. Second screen for the signed in state: site name, who you are, what is happending, options, okay/cancel. Same as first screen but simplified. Agreed that canceling just closes the pop-up and returns you to the site. Discussion around how to handle the different states (like cancel). Max chiming in, plus Breno from Google. Unresolved is sign-out implications between the sites. Breno sharing the need for getting RP logos from the web, with simple discovery; upload from the RP to the OP is not scalable. A little bit of back and forth on some corner case questions, but *great* to hear how MySpace, Facebook, Google, Yahoo, and Microsoft emerged from a room all “on the same page”. Facebook, MySpace, and Google “magically converged” on the same width for the ideal popup, says Julie. (450 pixels, I think.) Breno says that there should be a hard requirement that the popup can be re-sized.
Summary of the RP breakout
Luke Shepard from Facebook is sharing the findings. The big question is what to show the user: box vs. buttons vs. smart typeahead. Joseph Smarr from Plaxo chiming in: we have a set of contexts (like Chris Messina talked about before: organic signup, viral signup, return signin, lightweightm download/desktop, mobile, email validation, OAuth-only, prove affiliation, personalization, “connect”). To do these right, we have a wishlist for what we want from the OP (button, email, data access via OAuth/hybrid, discovery of services, is user logged in?, streamlined UX, email to OpenID lookout). Luke is now talking about one of the big concepts/issues: How can an RP? Eric Sachs of Google talked about doing a “third-party cookie system than (opted-in) users could reveal their identity provider. Breno says it’s like DNS. Neutral third-party. Eric had said there’s an existence proof for something similar for advertising systems for compliance with various privacy laws around the world. Joseph talking “RP Verticals” worth exploring for thinking through differing needs and UX approaches (media sites, e-commerce sites, blogs, social sites).
It’s a great day for the opening up of the Social Web. The largest and fastest growing social network, Facebook, has sent their strongest message to the world that “open” is strategically important to them by stepping up to become a corporate member of the OpenID Foundation. Sweet! Breaking coverage: VentureBeat, CNET, TechCrunch.
Given the popularity and positive user experience of Facebook Connect, we look forward to Facebook working within the community to improve OpenID’s usability and reach. As a first step, Facebook will be hosting a design summit next week at their campus in Palo Alto which follows a similar summit on user experience hosted at Yahoo! last year. The summit will convene some of the top designers from Facebook, the DiSo Project, Google, JanRain, MySpace, Six Apart and Yahoo!, focusing on how existing OpenID implementations could support an experience similar to Facebook Connect.
Here’s the official post from Facebook’s Mike Schroepfer. The best quote: “We see great opportunities to increase our contributions across the open stack.”
This news will surprise (or even shock) many, but I see this as a natural and expected move. After all, Facebook has been getting more and more involved in the open community, attending the OpenID UX Summit last Fall and the Activity Streams meetup a few weeks ago. And Luke Shepard, from the Facebook Connect team, ran in the recent election for the OpenID Foundation Community Board. Luke will now be Facebook’s official representative to the foundation.
I have to say this is a great moment in time. I am so proud of my friends at Facebook who have helped make this happen. Props to Dave Morin and to Luke Shepard. You guys rock!
In related news, Joseph Smarr of Plaxo is being added to the OpenID Foundation Community Board as a result of Facebook becoming a new corporate member. (The rules of the Foundation have the Community Board expanding at the same rate as the corporate membership. Joseph happened to be next in line, based on the election results.)
Looking forward to next week’s OpenID UX Summit, hosted by Facebook. It wouldn’t be surprising if I were to live blog it!
Recommended reading: Chris Messina’s take on the news.
