Burningbird

Social Gaffes

September 22nd, 2007

I'll be the first to admit that not all of my attention has been on the various discussions raging around the weblogging world in the last few weeks. However, my curiosity was peaked when there was multiple references to 'social gaffes'–enough so that I tore my attention away from working on my upcoming bestselling book on web graphics in order to see who had been involved in the latest online contretemps.

I quickly came to understand that I had misread both the word and the discussion: it was social graph not gaffe. Isn't it amazing how one can misread similar words? Oh, well, since my attention is already caught…

The discussion on social graphs seems to be a convergence between Six Apart's and Google's recent Secret Ops discussion related to the topic.

I don't have the issue with the term, social graph that Nick Carr does, though another buzz word being bandied about isn't necessarily a reason to pop the champagne cork in celebration. From my initial read through, my understanding of the difference between social network and social graph is that the former is something we control, while the latter is the mechanistic view to be consumed or derived using whatever algorithmic means present themselves.

You can manually send me an invite to join you in Facebook poking (which sounds faintly obscene), but I don't have to accept your invitation. If I go to the next big thing after Facebook, and decide that you poke good, I can then send you an invitation to join me at the newest, bestest thing. That's a network.

If I have an OpenID and can use it to connect to my social networks and these networks are 'open', not only can I take my network with me from place to place, my social interactions form a 'social fingerprint', as it were, readable by the right software. I connect with The Poker and when I do, the software can let me know that The Poker is connected with other people who other of my friends are connected to, ala *hint, hint*, *nudge, nudge*, fresh meat!

In other words, you can pack up your network in a big brown bag and tote it along with you, but you can't grab your graph.

According to Google's Brad Fitzpatrick, the problem associated with today's state of social affairs is:

Currently if you're a new site that needs the social graph (e.g. dopplr.com) to provide one fun & useful feature (e.g. where are your friends traveling and when?), then you face a much bigger problem then just implementing your main feature. You also have to have usernames, passwords (or hopefully you use OpenID instead), a way to invite friends, add/remove friends, and the list goes on. So generally you have to ask for email addresses too, requiring you to send out address verification emails, etc. Then lost username/password emails. etc, etc. If I had to declare the problem statement succinctly, it'd be: People are getting sick of registering and re-declaring their friends on every site., but also: Developing "Social Applications" is too much work.

I'm forced to ask the question: is this a real hardship for folks? How many of these social networks do people really sign up for? Do you normally carry along everyone you connect with from network to network, like a bag lady does her favorite umbrella?

I keep hearing what a hardship these 'closed graph' networks are for folks, but I don't think I've read anyone write, Oh, damn, I had to skip my kid's school play because I had to stay home and invite everyone I know to my newest social network. I imagine there are people for whom having to re-spider their newest activity is a problem, but I have to wonder if they're enough in a majority to threaten to become the next meme?

Six Apart's discussion on social graphs is related more to the technologies used: FOAF, microformats, especially the use of OpenID. In the writing, David Recordon uses the recent fiasco with Quetchup, as an example of why OpenID is important–invites to which I received from people who I know would not willingly invite me to a social network, so I knew it was a scam right from the start. (Handy, that.)

Recordon writes:

Quechup.com launched a few weeks ago as a new social networking service. With little context for the new service, many people happily gave their Gmail username and password to check to see if their friends were already members. What many of those people did not realize is that Quechup could use that information to email invitations to join Quechup to everyone in their Gmail address book. Lots of unwanted email, and embarrassed apologies, followed.

Once you think about it, it's easy to see how an email address and password can be the key to compromising a lot of other personal data. With their shared login system, a Google Account allows access not just to Gmail but also to a PayPal-like Google Checkout account, managing your advertising via AdSense, and viewing traffic to any of the sites you're tracking via Google Analytics. If your Gmail username and password is given out to a rogue service it might mean that your bank account is wiped, you've started displaying distasteful ads, and the confidential traffic statistics to your site are now fully public.
…
While OpenID helps to solve these problems, the problem itself is larger than just reducing the number of accounts you manage online. Getting to the point of it being common practice for a service to request your email password to invite your friends really illustrates just how bad this problem has become

Actually, I don't see how OpenID solves the problem. Being a little more selective about where and when you pass out your usernames and passwords seems to be a better solution. With OpenID, you're still giving access to your information, which can then be used in a manner that you may not be happy about. True, you can keep your username/passwords separate for accounting systems such as Google's Checkout, but how many systems do we connect directly to our credit cards, and bank accounts? If you say more than one, well, you don't have my sympathy if you go to buy that hot dog and the check out lady says you don't have any money in your checking account.

What's odd about all of this is that all the discussion about social graphs seems to be based, directly or not, with Facebook, starting with the fact that Facebook's Zuckerberg seems to havecoined the social graph term . It puzzles me to no end this seemingly endless fascination with Facebook, and it always gives me a chuckle when it gets compared to Microsoft or Google. The philosophy seems to go: 'owning' your own social graph is the next big thing in technology because Facebook's web traffic is really, really high.

Some of the RDF folks have mentioned how RDF would be perfect for use in these new social graphs. After all, RDF was designed from the ground up for storing and aggregating this kind of data. Here's me frantically shaking my head, though, not really wanting the RDF community to buy into 'social graphing' because recorded data, or algorithmically derived data, isn't necessarily meaningful data:

Me to Social Graph Aggregator God: Recommend me a dentist.

"You know A, and A knows B, and B knows C, and C knows Dr. D."

"Cool."

–later–

Me to Social Graph Aggregator God: Doctow was awbul, just awbul. Why id u recommend awbul dentiss?

"I beg your pardon, but I only plot the points, and follow the connections. I don't test any of it for value".

Me to Social Graph Aggregator God: I twusted you!

"Then you didn't read the TOS closely enough."

Frankly, if people want to jump from network to network and social graph technology can facility this hopping about and they have more control, more power to 'em. We each march to different drummers; dance to different tunes; lick different flavors of pops. This is all a hoot!

What is less of a giggle is Google's new effort to spread Orkut across all of its services. Google has a lot of information about me, but I don't know exactly how much information it has, how it's using this data in derivatives, who has access to this data, and how long will all the data and all derivatives be maintained. To hear that Google plans on extending tendrils even further into our online lives does not excite me as much as it seems to excite the VCs.

A couple of weeks ago, I downloaded Picasa and Google Earth primarily because I wanted to see about covering both services for my book. I like Google Earth, especially that new Easter egg, where you can fly jets and crash them into mountains. Somehow in the process, either I made a mistake and checked the wrong box, or I had a momentary brain aberration and clicked the wrong link because the next thing I know, I have Google Desktop on my computer. Well, at least I did for a few minutes, long enough to have my computer mucked up by Google Desktop, which acts more like a benevolent computer virus than a useful service.

Ew! Ew! Get it off me! Get if OFF me!

Of course, I can bag out on Orkut, I think, but I hadn't any intention of attaching accounts to my GMail account, which Google did without my permission. It is becoming very, very difficult to keep Google from 'helping' me by making connection decisions for me.

Returning to Google's Brad Fitzpatrick's take on social graphs, he goes into more detail on what it would take to make building social application's easier by providing a set of goals, including making social graphs into community assets that are owned by a non-profit which:

collects, merges, and redistributes the graphs from all other social network sites into one global aggregated graph. This is then made available to other sites (or users) via both public APIs (for small/casual users) and downloadable data dumps, with an update stream / APIs, to get iterative updates to the graph (for larger users)

With this capability in hand, user's will get the ultimate social graph experience:

A user should then be able to log into a social application (e.g. dopplr.com) for the first time, ideally but not necessarily with OpenID, and be presented with a dialog like,

"Hey, we see from public information elsewhere that you already have 28 friends already using dopplr, shown below with rationale about why we're recommending them (what usernames they are on other sites). Which do you want to be friends with here? Or click 'select-all'."

Also every so often while you're using the site dopplr lets you know if friends that you're friends with elsewhere start using the site and prompts you to be friends with them. All without either of you re-inviting/re-adding each other on dopplr… just because you two already declared your relationship publicly somewhere else.

The fiasco that happened with Quetchup.com seems small in comparison to the problems that can occur with this type of global data aggregation and the associated algorithms to 'assume' and derive associations. Leaving aside the potential for hundreds of messages a day if there's even the smallest flaw within one of the algorithms using this data, every one of the interactions attached to this global graph will be monitored by dozens, perhaps hundreds, of companies, all waiting to sell us something; all wanting details about what we're willing to buy. It never fails to amaze me that people will struggle to get Akismet to run with their weblogs, and use any variety of ad blocker, yet trip about joining every new social network, happily providing their email accounts so that people like me can be heartily surprised by who exactly I got a 'friend' request from.

(At least I'm getting some entertainment value from Quetchup.)

With all due respect to the gentlemen mentioned in this post–they're all very savvy, tech proficient, seem to have lots of friends, and make a lot more money than I do–but I have to wonder how clearly one can think when one's head is up one's butt?

Though privacy is mentioned, what isn't mentioned is that the data already being collected about us by companies such as Facebook, Google, Yahoo, and others is out of our control, and there's no indication that somehow waving the magic 'social graph' wand over any of it is going to make any difference. Google, if I use OpenID, will you let me delete my search results from your database? If I quit Facebook and join Orkut, will you let me delete my search results from your database? No? Then won't using one ID make all this data collecting about me a whole lot easier?

As Julian would say though, it's already too late to worry overmuch about privacy. Bwhahahaha, boys and girls: whatever you know about your social network, others know, too; when you own your social graph, others will, too. They…are watching you…

But let's make a game of it, shall we? Hide and Go Seek. Tag, you're it.

To think that when I started following all the links, all I was expecting to hear about was who embarrassed who and at what function. Now if you'll excuse me, I've heard that today is One Wet Day. I'm not sure what it's about, but I think it has something to do with storms.

Social Gaffes
Author: Shelley Powers
Published: September 22, 2007 at 6:56 pm
Category: Technology
Keywords: EvilEmpire, Google, OpenId, SemanticWeb, SocialNetworks
Comment Status: closed with 14 Comments

Comments

fp - 7:24 pm 9/22/2007

I laughed until I webbed myself!

James - 2:29 am 9/23/2007

Picasa, not Picaso. After I refused to get a Google account, my Orkut profile was kindly deleted. Which is not to say I don't have my own take on social networks.

Roger Benningfield - 6:02 am 9/23/2007

Shelley: "I'm forced to ask the question: is this a real hardship for folks?"

Exactly. The thing that irritates me about the whole discussion is that it uses words like "people" without ever addressing the concerns of average humans. "People" aren't tired of redeclaring friends across social networks… a tiny handful of Alpha Geeks who sign up for every shiny thing they see are tired of it. An even smaller handful of entrepreneurs and developers are tired of struggling to get their pageviews up. But everyone else? It never even crosses their minds.

Bud Gibson - 8:40 am 9/23/2007

Where I have seen the value of this is in tracking what people who give me their data are doing. It can tell you something about the health and interconnectedness of communities you are trying to build, who's really active and connecting, who is not.

As you point out, I'm not sure it has a ton of value beyond that.

Michael R. Bernstein - 8:58 am 9/23/2007

In my view, there are two ways this matters:

a) Everyone is focusing on lowering the entry cost of adopting new services, or being able to more securely share data from one service to another.

b) This is equally useful for lowering the exit costs of switching to a different service.

Consider: How much more severe would Facebook's user revolt earlier this year have been if this kind of portability had already been in place?

That's why I think this set of technologies is important.

Shelley - 10:44 am 9/23/2007

James, thanks, corrected.

All we really need to move our 'network' to another service is a way of exporting our contacts within the old service, and any relationship information. A quick RDF dump would do the trick.

What Fitzpatrick is talking about is something way beyond this capability, and it's not something I vew with a warm and cozy feeling in the pit of my tummy.

Aruni - 1:51 pm 9/23/2007

Nice post. I still don't know how all those social networking sites work. I've joined Linked In but haven't figured out how to use all of its features. I also don't accept invites from people I haven't met, talked with, exchanged email with, etc. I don't have a Facebook account (but may be forced to soon), MySpace, You Tube, Friendster, etc. I joined Ning in order to participate in an Alpha Moms program. I really don't have the time to keep up with all of that. I would spend half my time reading and not building a company…seems counterproductive if you ask me. I guess if we ever make it big enough to hire someone specifically to do that for us (for business reasons) then I'll check them out more seriously.

I'm still trying to figure out Digg, Reddit, Sk-rt, Feed flares, Ads, Stumple Upon, SEO, Alexa, etc., etc.

I'm so glad I knew nothing about Quechup…I've just read about how horrible it is/was. I get enough Spam as it is.

Phil - 5:41 am 9/24/2007

I liked Tom Lord's take on all this (in Nick Carr's comments).

Like Aruni, I'd missed the Quechup pileup. I can't help wondering…

many people happily gave their Gmail username and password

…why anyone wouldn't think that was a bit, well, risky. Reminds me of something I wrote in a column - years back, just after the ILOVEYOU virus; that Microsoft had done well on the 'interoperable applications' and 'powerful scripting' fronts, but hadn't quite managed the essential third component of 'everyone in the world being nice'. Maybe 'everyone thinking that everyone else in the world is nice' is a step in the right direction. (Joke.)

I wrote something about LinkedIn a bit back (I signed up when I was feeling particularly bereft of work). Beyond the basic 'Friends Reunited' element, the idea seems to be that you'll write to someone you don't know introducing yourself as a friend of a friend - or even, bizarrely, introducing yourself as a friend of a friend of an unknown friend ("I know Fred, and apparently Fred knows somebody you also know"). I can't help feeling that anyone who's got the brass neck to do that would have been doing it anyway. The main effect for me (apart from the basic 'Friends Reunited' element) has been to make me feel I know loads of people… well, almost.

Aristotle Pagaltzis - 7:42 am 9/24/2007

With OpenID, you're still giving access to your information, which can then be used in a manner that you may not be happy about.

If you give your Gmail credentials to Quetchup, they can do anything they want – they have full access to all of your Google account and could initiate any administrative actions whatever.

With OpenID you’d only be giving read access to your data to begin with, because the OpenID consumer never receives your credentials – it can only route you through the OpenID’s provider, who will confirm or deny your authentication with it. The consumer can simultaneously ask the provider for any data about the user that the provider has on record – but the provider can choose to refuse the request. Usually the provider decides what to do by prompting the user whether it’s OK to honour the consumer’s request.

So OpenID really does solve that problem.

Other than that, though, right on.

As for the “whose problem is this” question: it’s a problem for the social networking underdogs and for Google. For the underdogs it’s problematic because network effects make social networking a winner-takes-all game – but making it possible to connect across sites would soften the network effect in play. Google’s problem is that social networking sites shunt lots of content behind a login wall where it can’t be indexed. Oh, and Brad used to work at LJ (now an SN underdog) and then moved on to Google. Coincidence?

(You will note, though, that “the users” is not one of the answers to the question…)

Seth Gordon - 7:58 am 9/24/2007

Practical application: Some fanfic communities have had a tempestuous relationship with LiveJournal over the last few months, because the LJ management got spooked about anything that could be accused of vaguely resembling child porn on their network, and shut down a bunch of slash-related communities. There was a massive outcry (fictional stories involving a sexual relationship between Harry Potter and Severus Snape may not exactly float your boat, but it would be something of a stretch to label it as kiddieporn), Six Apart apologized, said they would work on new and improved and more understandable terms of service, and offered a sale on lifetime memberships. Then they did it again.

So a number of the affected fans started mumbling about moving their accounts to a different social-networking site. But the fans have established networks on LJ, and since some of the content they post for one another is "friends-locked", they can't replace the LJ interface with, say, an RSS/Atom aggregator. It would be nice to have some kind of system that would allow the "friends-locked" concept to work across LJ-like sites, so that an aggregator running on site A could forward your credentials and retrieve access-restricted content on your behalf from site B.

And then I started seeing some postings from luminaries in the technoblogosphere about this "social graph" stuff. I guess they, too, have friends involved with fanfic and LJ.

Shelley - 10:11 pm 9/24/2007

Actually, I rather had fun with Quetchup, Aruni. I felt all Sally Fields:

"You like me! You really like me!"

But it did rather surprise me that people would be that willing to give their email username and password. Perhaps I'm paranoid, but…well, no but–there's a reason to be paranoid.

Phil, I think I read Tom's comments, but will go again. Nick Carr usually gets some pretty darn good comments attached to his posts. Ahem, I think I do, too.

Aristotle, in the Quetchup example, the person would give permission for their address book. People knew it was being accessed when they gave out their username and passwords. Going through an OpenID would not have changed what people did with the info once they had it.

I am going to be curious what Brad cooks up at Google. And, wary. Just a habit.

Seth, I can understand the software to be able to export your contacts from one service to another. I'm less sure about active APIs and aggregated data. There be dragons here, me thinks.

Aristotle Pagaltzis - 5:23 pm 9/25/2007

Oh yeah – going through OpenID wouldn’t prevent the spammage, that’s true. It would however solve the problem that you’re handing full access to your Google account to a third party.

Michael R. Bernstein - 2:18 pm 9/26/2007

Aristotle, winner-take-all monopolies formed by network effects are actually a reasonable proxy for a fairly wide range of user concerns.

Aristotle Pagaltzis - 12:18 pm 9/27/2007

In some ways. If the tech was advanced enough, RSS, FOAF/XFN et al would be able to fulfill the same purpose as Facebook in a distributed fashion where the web is the social network. I see that as desirable, but very distinct from Facebook and Myspace swapping graphs – or any scenario “where you make all the content, and we keep all the money.” The difference is who controls a user’s data; if it’s not the user themself, then “opening” the data merely makes it more promiscuous.

Thanks to all those who have contributed to the discussion. Comments are now closed, but you can contact the author of the post directly.

Social Gaffes

Categories