tag:blogger.com,1999:blog-70918315612536948122023-11-15T16:40:43.521+01:00The EgosphereIdeas and opinions about identity, privacy, self-representation and information sharing.razor_nlhttp://www.blogger.com/profile/10331640823210769764noreply@blogger.comBlogger17125tag:blogger.com,1999:blog-7091831561253694812.post-68989956410664590552013-05-30T00:29:00.002+02:002013-05-30T21:06:14.089+02:001998 Brian Martin<blockquote>In the future, surveillance is likely to become ever more intrusive and unavoidable. Surveillance cameras are being used in more and more public and private places. One development under way is tiny recorders and transmitters that can be transported on miniature flying craft that could be piloted into a person's back yard. Eventually they might be reduced to the size of insects that could enter a room and record whatever is said or done. This would be a "bug" in both senses of the word.</blockquote>
This is a quote from 1998, people.
<a href="https://www.uow.edu.au/~bmartin/pubs/98il/il04.html">https://www.uow.edu.au/~bmartin/pubs/98il/il04.html</a>razor_nlhttp://www.blogger.com/profile/10331640823210769764noreply@blogger.com0tag:blogger.com,1999:blog-7091831561253694812.post-45786343110095332192009-11-07T23:21:00.002+01:002009-11-07T23:24:46.577+01:00Well, here's a scary thing<div><object width="425" height="344"><param name="movie" value="http://www.youtube.com/v/-zh9fibMaEk&hl=en&fs=1&"><param name="allowFullScreen" value="true"><param name="allowscriptaccess" value="always"><embed src="http://www.youtube.com/v/-zh9fibMaEk&hl=en&fs=1&" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="344"></embed></object></div><br /><br />(thanks, <a href="http://www.pauljansen.eu/">Paul</a>)razor_nlhttp://www.blogger.com/profile/10331640823210769764noreply@blogger.com0tag:blogger.com,1999:blog-7091831561253694812.post-31537051513910772722009-06-29T04:08:00.001+02:002009-11-07T22:52:12.705+01:00the discussion continuesRegarding <a href="http://egosphere.blogspot.com/2009/06/those-entrusted-with-our-privacy-often.html">my previous post</a> on Bruce Schneiers' blog... the discussion there continues and it is great; For the record, I replied again after it evolved, see below (but please <a href="http://www.schneier.com/blog/archives/2009/06/the_hidden_cost.html">read the whole thing</a>)<br /><br />Ok, my reply:<br /><br />This is exactly the sort of discussion I was hoping for.<br /><br />Regarding your comments, Bethan; When someone's data or observed behaviour (which is also data) is captured, that person (data subject, thanks for coining), has something to lose. He could for instance be exposed, embarrassed, harassed or whatever, by ill-meaning data-capturers. This is an acknowledged form of harm to individuals, against which laws are instated in many countries.<br /><br />Individuals themselves are also aware of the risks of being 'observed' or 'captured', and commonly display a degree of consciousness and responsibility regarding their (chance of) exposure. Close the curtains, protect privacy. Maintaining a degree of privacy is common, and not only for <a href="http://papers.ssrn.com/sol3/papers.cfm?abstract_id=998565">those who have something to hide</a>.<br /><br />Surveillance, spying, or otherwise secretly observing or recording peoples behaviour (physical or otherwise) is usually not allowed as Clive pointed out; (interesting exception: government or police).<br /><br />For me, I'm not concerned with the data capturing activity, legal as it might be, but with the subsequent _uses_ of the data about the data subjects. Here you claim that data subjects can not expect you to limit your use of their representations. This I find disturbing. There is, again as Clive pointed out, a certain expectation of intended use. Unfortunately, there is often no way for the data subjects to prevent deviation from those expectations (which I find even more disturbing). This lack of control for the data subjects is (for me) an area of great interest/concern (which I try to elaborate at http://egosphere.blogspot.com )<br /><br /><br />The situation you describe, where a persons data, once captured, could be put to any use that would benefit the capturer, seems to me exactly the thing that most people would like to protect themselves from, if they could.<br /><br />Lacking any control over your representation (its correctness, storage, distribution or exposure), even when it was once willingly conveyed to some organization (such as your energy company) makes you dependent on _their_ willingness and ability to change your relation with them. You might become powerless to influence their behaviour, since their representation of you, once acquired, is the truth for them. Never mind the 'unintended uses' that might occur (see http://datalossdb.org/ for plenty of examples).<br /><br />[...]<br /><br /><div style="margin-top: 10px; height: 15px;" class="zemanta-pixie"><a class="zemanta-pixie-a" href="http://reblog.zemanta.com/zemified/25e360a3-5d17-4d78-9c10-756c7dab9779/" title="Reblog this post [with Zemanta]"><img style="border: medium none ; float: right;" class="zemanta-pixie-img" src="http://img.zemanta.com/reblog_e.png?x-id=25e360a3-5d17-4d78-9c10-756c7dab9779" alt="Reblog this post [with Zemanta]"></a><span class="zem-script more-related pretty-attribution"><script type="text/javascript" src="http://static.zemanta.com/readside/loader.js" defer="defer"></script></span></div>razor_nlhttp://www.blogger.com/profile/10331640823210769764noreply@blogger.com0tag:blogger.com,1999:blog-7091831561253694812.post-66743475591823563502009-06-23T04:10:00.003+02:002009-06-23T11:50:53.667+02:00we are data subjectsIt has been bothering me for some time that I didn't have an accurate, captive term for describing you and me, the people whose identities are represented as data (which is often kept in systems beyond our control). I found it.<br />
<br />
We are the <a href="http://www.schneier.com/blog/archives/2009/06/the_hidden_cost.html#c379921">data subjects</a>. <a href="http://egosphere.blogspot.com/2008/07/my-representation-in-remote-systems.html">How would you like to be treated?</a>razor_nlhttp://www.blogger.com/profile/10331640823210769764noreply@blogger.com0tag:blogger.com,1999:blog-7091831561253694812.post-1987842102124356632009-06-15T20:24:00.006+02:002009-06-15T20:45:17.553+02:00"those entrusted with our privacy often don't have much incentive to respect it"<img border="0" height="127" src="http://gothamist.com/attachments/nyc_daveh/mclovin.jpg" style="float: left;" width="200" />I love <a href="http://www.schneier.com/index.html">this man</a> (no, not McLovin). He accurately describes what I think is the greatest problem with the current practices regarding how information about people is treated today.<br /><br />The title of this post is a quote from <a href="http://www.schneier.com/blog/archives/2009/06/the_hidden_cost.html">his article</a>. To recap, Schneier is saying that the organizations who are keeping records about you, do not have an incentive to protect that data from 'other uses'. In fact, I supose their only incentive to safeguard your data is to ensure continuation of their own business. As long as they have the data which describes you, they couldn't care less what happens next with it. Spreading, leaking, selling of your representation is all fine, as far as they are concerned. It doesn't hurt, so why care.<br /><br />However, the article then continues to describe how laws and policies can be created or improved, as to better protect the individual's privacy. Great stuff, but for me, laws and policies are a sign of trouble in itself. Please allow me to explain.<br /><br />The only option available right now for protecting the people being represented in remote systems, is to create artificial incentives in the form of laws (so bad behavior can be punished); Sometimes the fear for bad publicity (eg. a memory stick lost leading to public scandal, see the 'oh dear' section below right) is seen as a reversed incentive. However, it is probably much more efficient to let the PR department handle those cases <i>after they take place</i>. You lose again. <br /><br />As in most cases where laws and 'after the fact' measures are instated, the actual problem is that such mishaps can occur at all. To prevent this, laws try to tell organizations that manage <i>your</i> data, what society finds desirable and undesirable behavior.<br /><br />This is a totally powerless situation for the individual being represented by the data kept by those organizations. The only things you can do once you trust your data to remote system are:<br /><ul><li>hope for the best, and have full confidence that the 'privacy policy' is adequately upheld.</li><li>sue when your identity leaks, through some fault or intentionally via data sales to third parties. I don't think this has much effect in real life, and again, the damage is already done by that time</li></ul><br />The only real option to stay in control is to <i>not entrust anyone with your personal data</i>, but that would mean you would be deprived of most basic services such as telephone, electricity and ahem, twitter. ;)<br /><br />Or, if Santa ever grants my wish, you could have a personally controlled data set which all those organizations need to refer to if they need to know something. A total inversion of data flow. Instead of you handing out your representation to be kept in remote systems, the service providers would be granted (by you) access to some appointed data store (selected by you) to request access to certain bits of your personal profile (created and shaped by you).<br /><br />Empowerment of the individual by means of technological innovation would help people to take ownership and control of their representations, rendering the whole policy discussion moot. The current power imbalance would be fundamentally reshaped.<br /><br />See also my little rant <a href="http://egosphere.blogspot.com/2008/07/my-representation-in-remote-systems.html">'My representation in remote systems, the present'</a>.razor_nlhttp://www.blogger.com/profile/10331640823210769764noreply@blogger.com0tag:blogger.com,1999:blog-7091831561253694812.post-41986897015094281382009-02-28T02:55:00.004+01:002009-02-28T02:56:22.773+01:00Hi...I'm still alive... It's just that my attention is being spread out over so many things, sometimes one of my 3 gazillion projects suffers from neglect. I know, I know, but I'm ok with it, so sue me ;)<br /><br />Btw, the book I'm writing on the Egosphere subject is coming along nicely. Stay tuned.razor_nlhttp://www.blogger.com/profile/10331640823210769764noreply@blogger.com0tag:blogger.com,1999:blog-7091831561253694812.post-11087671387611844392008-07-04T12:28:00.009+02:002009-11-07T23:04:15.564+01:00My representation in remote systems, the presentWarning: rant ahead....<br /><br /><br />I, the one represented, allow you, the receiver of information about me, needed to fulfill a service for me, to acquire and store indefinitely, <a href="http://egosphere.blogspot.com/2007/03/profile-problem.html">some attributes</a> describing me as an individual, in the hope you will record them accurately and use them solely for the purpose as intended in our agreed initial context. <br /><br />From there on, I have no control over the system you use to store these records, describing me. Any subsequent change which I wish to effect (an act of self expression, creating my self representation) can only be realized with your consent. Any error or conscious mis-representation is not noticed by me directly. You can alter data representing me at will, thereby doing dishonor to my intentions, without me even knowing it happened. I am not consulted or notified if such change should occur.<br /><br />I am powerless to express myself unless my intentions are reflected in your records. Once acquired, you value the recorded version, supposed to be representing me, above my subsequent direct communication of my intentions (as in, 'no sir, our computer says here bla bla bla'), even though I should be considered the ultimate authority in describing myself.<br /><br />Even when it were entirely feasible and economical to consult me each and every time you need to acquire some information of me, you prefer to use the version in your system as it was recorded once in the past. That may be out of date, or not reflecting my current intentions in some way, but you don't really care. You don't verify or check at regular intervals with me. I can try and fix your records (which, for you, are the truth about me, but for me, they are not), but you might not let me, or you are incapable because of "call-center issues".<br /><br />To make things worse, I have this issue with 200 different organizations, each treating me the same way as you did above, thus leaving me practically powerless to express my intentions across them all. (even a single one is hard, let alone 200). Such is the way I am reflected in society, through the eyes of the many organizations that deal with me: Disparate views, often not consistent, and not governed by my intentions. I am most incapable of expressing my desired representation in a consistent manner, such that it reflects the way I wish to be known. Where is the justice in that?<br /><br />Oh and by the way, could you <a href="http://attrition.org/dataloss/">take more care</a> with my data?razor_nlhttp://www.blogger.com/profile/10331640823210769764noreply@blogger.com1tag:blogger.com,1999:blog-7091831561253694812.post-61655310277413319492008-05-04T17:41:00.004+02:002008-07-01T01:04:11.822+02:00On the OpenID attribute exchange protocol<span class="zemanta-img" style="margin: 1em; display: block; float: right;"><a href="http://en.wikipedia.org/wiki/Image:OpenID_logo.svg" target="_blank"><img src="http://upload.wikimedia.org/wikipedia/en/thumb/c/c8/OpenID_logo.svg/202px-OpenID_logo.svg.png" alt="OpenID" style="border: medium none ; display: block;" /></a><span style="margin: 1em 0pt 0pt; display: block;">Image via <a href="http://en.wikipedia.org/wiki/Image:OpenID_logo.svg" target="_blank">Wikipedia</a></span></span>The <a title="process for new attribute creation" href="http://openid.net/specs/openid-attribute-types-1_0-02.html#anchor6" id="v31z">process for new attribute creation</a> (a 5 point list, proposed by D. Hardt) is broken. It assumes central control (or at least some barrier for me) over what can be postulated about <span id="qdew0" style="font-style: italic;">me</span>. My position on this is explained in <a title="The Profile Problem" href="http://egosphere.blogspot.com/2007/03/profile-problem.html" id="iids">The Profile Problem</a>.<br /><br />I would rather not see the openID initiative which is applauded for its decentralizing effects on Identity, become a centralized point for attribute definitions.<br /><br />Luckily, (apart from the openID attribute namespace) anyone can define attributes as they see fit. But when everyone starts defining attributes, how do we make sure this still results in a usable system of exchange (where usable means no centralization of any kind is needed to take off).<br /><br />Off course the openID namespace attributes will mostly be <i id="qsod2">identifying</i> attributes, which are attributes whose values are supposed to be unique for one person. However the non-identifying remainder of the set all possible attributes is much larger and possibly much more interesting in the lives of most people. So this is where most of the action will take place, between common folk.<br /><br />Let's suppose that everyone gets his own namespace (or comparable mechanism) for creating whatever attributes to describe him or her self; This way, no central authority on 'official attributes' stands in the way of full <span id="jqvk0" style="font-style: italic;">self expression of the individuals describing themselves</span>.<br /><br />In order to exchange attributes meaningfully, the two parties must agree on the semantics (they must agree that the attributes, although maybe <i id="g8on0">called</i> differently by both parties, actually are one and the same thing). But if attributes can be dreamed up by anyone, how do we do that?<br /><br />Basically there are two options. The first is that both parties decide that their attributes to be exchanged both conform to an externally known (official) attribute definition. The other option is to create an ad-hoc attribute just for the pairing of the two personally defined attributes, and use that as the underlying definition to agree upon. A new attribute definition will be instantiated, specifically for this one-on-one mapping. Both parties designate their attributes to be one of that kind.<br /><br />It would not be unreasonable to expect well defined attribute collections for general use to<br />appear soon. If both parties designate their (personally defined) attributes as a known external uri, semantic matching is automatic. If not, human intervention is needed to decide, but that's nothing too dramatic. A simple instant message "Hey, your sending me this http://..../foobar property, it has value 14. What is it?" If an understanding is reached, both parties will have semantic agreement, and both attributes will be defined as being of a (newly created) special attribute which is defined purely for this one-on-one purpose.<br /><br />The key point here is that all attributes that I create are in my private namespace, and that semantic matching occurs on a different layer, between each of the 2 identities involved.<br /><br />In the end, each person would still have his own idiosyncratic world view defined by the attributes he makes up. These describe himself as well as other people he knows. Hidden from view are the mappings based on semantic agreements (the underlying attributes) via well known or ad-hoc attributes.<br /><br />The result is decentralized attribute collections (they are personal, but allow for consensus via intermediate maps or via plain old human consensus).<br /><br />Let's fast forward from here.<br /><br />I can imagine that certain groups of people (say, project team members) might want to share some pretty interesting attribute sets, which are not 'standard' by any other means. The support of this kind of creativity is essential.<br /><br />Quick creation of special-purpose attribute sets, and proposing those sets to others is where protocol thought should be focussed now. If I can quickly create, send out, and receive values of, self-defined attribute sets, all in a fully decentralized way, then we finally have a reason to ditch Lotus Notes forever (for which I should win the Nobel Peace Prize).razor_nlhttp://www.blogger.com/profile/10331640823210769764noreply@blogger.com0tag:blogger.com,1999:blog-7091831561253694812.post-80170402727316369622008-05-02T12:38:00.001+02:002008-05-02T22:47:19.817+02:00How (not) to make friends<span class="zemanta-img" style="margin: 1em; display: block; float: right;"><a href="http://www.flickr.com/photos/14239007@N00/2331822174" target="_blank"><img src="http://farm4.static.flickr.com/3116/2331822174_bf4d0fcb00_m.jpg" alt="Social Networks world wide" style="border: medium none ; display: block;"></a><span style="margin: 1em 0pt 0pt; display: block;">Image by <a href="http://www.flickr.com/photos/14239007@N00/2331822174" target="_blank">Chewbacka</a> via Flickr</span></span>Regarding the social web and linking of 'friends', the currently available implementations such as <a href="http://www.facebook.com/" title="Facebook" rel="homepage" target="_blank" class="zem_slink">Facebook</a> etc. take the following approach: <br /><br />First you identify who is your 'friend' (within the same network or application), this in turn determines which attributes they are allowed to see. Other classes of relationships like 'acquaintance', 'co-worker' 'school-mate' 'best friend' are now being proposed on the Data Portability forums to manage this. <br /><br />This not only smells like bad design, but it appears to me to be an inversion of what happens in reality. <br /><br /><span style="font-style: italic;">It is not the appointing of a 'friend' class to someone which determines who can see which of your attributes. It's the other way around: by allowing different identities to see different subsets of your attributes (gradually and over time), you define your relationship with these other identities.</span> In other words, someone might <span style="font-style: italic;">become</span> a friend <span style="font-style: italic;">after</span> you decide he may see some of your attributes. <br /><br />You don't have to decide on the relationship type upfront if you could granularly disclose attributes to various other identities (and maybe have the favor returned to you).<br /><br />Off course people don't want to be bothered continuously with such fine-grained control over their individual attributes. As usual, software programs can ease the burden and help with common tasks. <br /><br />Not many people currently craft their HTML documents and HTTP requests by hand to publish or read on the world-wide web. Still, inter-operability of all the different software is possible, thanks to the underlying standards. Sadly, we don't have these for identities and their attributes yet.razor_nlhttp://www.blogger.com/profile/10331640823210769764noreply@blogger.com0tag:blogger.com,1999:blog-7091831561253694812.post-55731683697006539442008-05-01T18:25:00.001+02:002008-05-01T18:27:20.422+02:00Notification for feed consumersThe rss feed for this site has been changed to <a href="http://feeds.feedburner.com/egosphere">http://feeds.feedburner.com/egosphere</a>.<br /><br />Please update your rss clients.razor_nlhttp://www.blogger.com/profile/10331640823210769764noreply@blogger.com0tag:blogger.com,1999:blog-7091831561253694812.post-61988760460977012392008-02-12T18:10:00.003+01:002008-05-01T19:01:11.323+02:00Information sink vs information source<a href="http://www.nytimes.com/2008/02/11/technology/11facebook.html?_r=1&oref=slogin">How Sticky Is Membership on Facebook? Just Try Breaking Free - New York Times</a><br /><br />Another example of how most applications act like information sinks. It's easy to enter <span style="font-style: italic;">your</span> information (data about you), but once you do, you lose control. The Facebook application (like almost any other online application) is an <span style="font-style: italic;">information sink</span>.<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://images.macworld.com/images/legacy/2007/08/images/content/drobo.jpg"><img style="margin: 0pt 0pt 10px 10px; float: right; cursor: pointer; width: 211px; height: 164px;" src="http://images.macworld.com/images/legacy/2007/08/images/content/drobo.jpg" alt="Image via http://images.macworld.com" border="0" /></a><br />To me it seems the only approach to preserve control over <span style="font-style: italic;">your data</span> is to leave those applications alone. That's why I'm not on <a href="http://myspace.com/">Myspace</a>, <a href="http://facebook.com/">Facebook</a> or others (<a href="http://linkedin.com/">Linkedin</a> being the exception, for some reason).<br /><br />Ideally, I would like to have the ability to create an <span style="font-style: italic;">information source</span>, totally under my control, in which I design and edit my profile. A generic protocol for addressing and disclosure would then allow other applications and people to use this <span style="font-style: italic;">information source</span> for many different applications (which would then basically become views on my data, and that of others in the aggregate).<br /><br />What do you think?razor_nlhttp://www.blogger.com/profile/10331640823210769764noreply@blogger.com0tag:blogger.com,1999:blog-7091831561253694812.post-57967972206381243232008-02-05T00:53:00.001+01:002008-05-02T12:34:54.940+02:00DataPortability and the Web WorkerOne of my favorite blogs, <a href="http://webworkerdaily.com">Web Worker Daily</a>, struck a nerve when <a href="http://webworkerdaily.com/2008/02/04/dataportability-and-the-web-worker/">posting</a> about the <a href="http://dataportability.org/">DataPortability</a> initiative. I couldn't resist to <a href="http://webworkerdaily.com/2008/02/04/dataportability-and-the-web-worker/#comment-287441">comment</a>.razor_nlhttp://www.blogger.com/profile/10331640823210769764noreply@blogger.com0tag:blogger.com,1999:blog-7091831561253694812.post-39687039002068851242008-01-11T15:10:00.004+01:002008-05-02T12:40:00.081+02:00DataPortability - bad name for a real problem<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://pro.corbis.com/images/42-17534568.jpg?size=572&uid=%7Bf5f45c55-cab5-4437-bc38-4e3557515d5a%7D"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px;" src="http://pro.corbis.com/images/42-17534568.jpg?size=572&uid=%7Bf5f45c55-cab5-4437-bc38-4e3557515d5a%7D" alt="Image: (c) corbis" border="0"></a><br /><span style="font-weight: bold;">It's about you</span><br /><br />The recurring theme in social web data is that the data concerned is <span style="font-style: italic;">about an individual</span> (ie. you). Anything that describes (a part of) you or your actions or preferences or you name it, qualifies to be part of your 'profile'. It doesn't matter if you typed it in yourself, or if it is generated by some system. (As long as something pertains to you, represents you, it should be under your control. I'm taking an extremely user- or identity-centric approach here).<br /><br />Currently almost any data describing you is not under your control. See <a href="http://egosphere.blogspot.com/2007/03/profile-problem.html">The Profile Problem</a> of which the <a href="http://www.businessweek.com/the_thread/techbeat/archives/2008/01/whose_data_is_i.html?campaign_id=rss_blog_techbeat">Scoble vs Facebook</a> case is an example (not the latest, methinks).<br /><br />Let me be clear: I totally agree with the problems that <a href="http://en.wikipedia.org/wiki/DataPortability" title="DataPortability" rel="wikipedia" target="_blank" class="zem_slink">DataPortability</a> tries to solve. Only the name of the project is misleading to say the least.<br /><br />The name Data Portability (and some of the things I've read on their website and forum) gives me the feeling that they want to be able to extract and import 'user data' from and into various existing <a href="http://en.wikipedia.org/wiki/Social_web" title="Social web" rel="wikipedia" target="_blank" class="zem_slink">social-web</a> applications, just like Scoble did. That's a nice problem to solve, but it all depends on what level of abstraction the standards are formulated.<br /><br />Let's do a thought experiment, Imagine a less-than-world-wide web where pre-existing publication platforms were hosting content, each in its own proprietary way. At some point the need for inter-operability (linking) and re-usability of this content becomes apparent.<br /><br />Thanks to Tim Berners-Lee, and lucky for us, we don't have this situation on the current world-wide (webpage) web. We're not porting documents from one web-server implementation to the other, and we don't need or want standards to do so. Instead we have the HTML standard for the document format, the HTTP protocol for accessing and creation, and the URL for addressing. <br /><br />These are key components. But on the social web, we <span style="font-style: italic;">do</span> have this situation.<br /><br />The problem isn't then that we can't <span style="font-style: italic;">port</span> or migrate data (we really shouldn't be wanting to go that way), the problem lies deeper in that there aren't any standards for representing, addressing and manipulating this type of content.<br /><br />Similar to the standards that make the world-wide web so successful, I sincerely hope that the DataPorters want to come up with a similar <span style="font-style: italic;">addressing</span> standard for identities and for individual attributes. Already <a href="http://en.wikipedia.org/wiki/OpenID" title="OpenID" rel="wikipedia" target="_blank" class="zem_slink">OpenID</a> covers the part of the solution.<br /><br />Once identities and specific attributes are uniquely addressable, data at these addresses should be in a standard <span style="font-style: italic;">document format</span> (like HTML documents which resides at url addresses, 'attribute documents' should reside at attribute-url's). I would like to have an addressable document in a standard document format for each of the attributes that are part of my self-representation. (Unlike web-pages, these attribute-documents shouldn't be automatically world-readable, the documents themselves should include disclosure settings, and part of the access protocol should be the decision to disclose or not, depending on the 'requesting party'.)<br /><br />It follows then that we also need a protocol for sending messages to create, retrieve, update, remove and share (disclose) these attribute-documents (defined by their unique addresses); HTTP does this for viewable documents and we should have something similar for identity-centric attribute documents.<br /><br />Once the standards are there at the right level of abstraction (the attribute level imho), the rest is easy. You could implement a Facebook in no time, and it would be inter-operable with any other such system (no need to shovel data to and fro).<br /><br /><span style="font-weight: bold;">Conclusion</span><br /><br />It seems to me that trying to make current proprietary social-web applications inter-operable after the fact, by devising a standard at the application level, is a waste of effort. Too bad we have existing applications without standards, but this still leaves us with the need for low-level standards for the identity-attribute domain. Once we have that, data portability is a non-issue.razor_nlhttp://www.blogger.com/profile/10331640823210769764noreply@blogger.com0tag:blogger.com,1999:blog-7091831561253694812.post-40783286999198382442008-01-10T13:20:00.002+01:002008-04-11T17:45:11.470+02:00The Profile Problem<span class="zemanta-img" style="margin: 1em; display: block; float: right;"><a href="http://commons.wikipedia.org/wiki/Image:Amagi.png" target="_blank"><img src="http://upload.wikimedia.org/wikipedia/commons/thumb/c/c8/Amagi.png/202px-Amagi.png" alt="Ama-gi written in Sumerian cuneiform" style="border: medium none ; display: block;"></a><span style="margin: 1em 0pt 0pt; display: block;">Image via <a href="http://commons.wikipedia.org/wiki/Image:Amagi.png" target="_blank">Wikipedia</a></span></span>Profiles are used extensively on the web and in the enterprise. With the rise of '<a href="http://en.wikipedia.org/wiki/Social_web" title="Social web" rel="wikipedia" target="_blank" class="zem_slink">the social web</a>', the number of profiles you can use to describe (parts of) yourself is greatly increased.<br /><br />On the web, each site or service needs to know something about you. This is your profile (for that site or service). In an enterprise setting, a company keeps a profile about all their employees or customers (i.e. you) in their identity management system.<br /><br />When seen from a perspective of <a href="http://en.wikipedia.org/wiki/Freedom_%28philosophy%29" title="Freedom (philosophy)" rel="wikipedia" target="_blank" class="zem_slink">personal freedom</a>, the current practices pose a few problems, which will be discussed next.<br /><br /><span style="font-weight: bold;">Problem 1: You don't have control over the data that describes you.</span><br /><br />This is the most important problem. Apart from the specific elements you are allowed to store (see Problem 2), the data you entered is stored on a system beyond your control. It might be difficult to make changes, or to correct errors. You might be dependent on the service provider or others to have your data changed or deleted. You don't control the security that surrounds your data. You can't choose the systems on which your data is kept. <a href="http://www.businessweek.com/the_thread/techbeat/archives/2008/01/whose_data_is_i.html?campaign_id=rss_blog_techbeat">You're not allowed to re-use your own self-representation</a>.<br /><br /><span style="font-weight: bold;">Problem 2: Profiles dictate what you can and cannot tell about yourself.</span><br /><br />Most online services and enterprise identity systems come with a prescribed set of properties (like your name, favorite music etc.) that you need to populate with values concerning yourself. The profile dictates what is required and what is optional. There is often no room for extra information.<br /><br /><span style="font-weight: bold;">Problem 3: Lack of sharing control.</span><br /><br />You often don't control who sees the profile, and, in cases where sharing is relevant, you can't control the parts to disclose in enough detail.<br /><br />On the web, you are stuck with the options the site or service offers you for sharing with other users (as is common in many <a href="http://en.wikipedia.org/wiki/Virtual_community" title="Virtual community" rel="wikipedia" target="_blank" class="zem_slink">online community</a> services). Can you share all, nothing, or parts of your profile? Which parts?<br /><br /><span style="font-weight: bold;">Problem 4: Duplication of effort.</span><br /><br />This is not really a problem related to individual freedom, but it is worth mentioning anyway.<br /><br />Each service has its own profile page for you to fill out. This is a duplication of effort for you, since you have to maintain the same set of properties over and over again at each site. It also is a duplication of effort on the part of all the service providers, who build and maintain a profile infrastructure, user interfaces and the data it holds.<br /><br />Admitted, the enterprise identity management system solves the duplication of effort problem by using an enterprise-wide profile management system, so the duplication of effort is mainly seen on the web, not inside the enterprise. However, the first two problems remain. Do you have any more influence over your profile (say, as a customer or employee), now that it rests in an enterprise identity system?<br /><br /><br /><span style="font-weight: bold;">What needs to be done?</span><br /><br />Nowadays, with the proliferation on-line services an social media, the need for a solution for these problems is needed more than ever. The challenge lies in identifying what an acceptable solution looks like.<br /><br />We should take a step back from technical issues, and investigate the essence of self-representation, since a profile for an on-line service is just that. Taking the person being represented as the starting point, issues of personal freedom, privacy and control become relevant. <br /><br />In any case, to prevent the problems identified above, the proposed solution should minimally have the following characteristics:<br /><br />It should work with arbitrary attribute collections. It should allow for fine-grained disclosure (sharing) options under the users control. The data should be stored with a provider/technology of choice.<br /><br />Starting from there, one can see the need for <span style="font-style: italic;">standards</span> which allow an individual to manage the the definition, modification, querying, and disclosure of personal attributes.razor_nlhttp://www.blogger.com/profile/10331640823210769764noreply@blogger.com0tag:blogger.com,1999:blog-7091831561253694812.post-31190315703610827882008-01-07T18:28:00.000+01:002008-01-10T22:28:07.066+01:00The Rise of Networked IndividualismIn <a href="http://jcmc.indiana.edu/vol8/issue3/wellman.html">The Social Affordances of the Internet for Networked Individualism</a>, a very interesting analysis is done of the shift from a group-centered towards a person-to-person society. See especially the chapter <a href="http://jcmc.indiana.edu/vol8/issue3/wellman.html#seventh">The Rise of Networked Individualism</a>.razor_nlhttp://www.blogger.com/profile/10331640823210769764noreply@blogger.com0tag:blogger.com,1999:blog-7091831561253694812.post-19017226553784872382008-01-07T17:38:00.000+01:002008-01-07T17:41:53.213+01:00Attention Profiling: APML<a href="http://www.masternewmedia.org/online_marketing/attention-profiling-apml/apml-beginners-guide-attention-profile-20071113.htm">Attention Profiling: APML Beginner's Guide - Robin Good's Latest News</a><br /><br />The APML standard proposes a unified format for capturing a persons interests. The main idea is to keep the user in control of his data (<span style="font-style:italic;">good</span>). It focuses on certain types of data, mainly those that describe a users preferences and interests. One of the goals is to make recommendations and filtering easier and to prevent information overload.<br /><br />I would say the user-in-control approach is very good, but why limit to certain kinds of data? Do we really need a standard format for each domain or application? My point of view would be to create a standard at a more general level. It should be generic enough to let the person describe himself however he/she wants (see <a href="http://egosphere.blogspot.com/2007/03/profile-problem.html">The Profile Problem</a>) and for describing detailed disclosure policies. I will elaborate in another article.razor_nlhttp://www.blogger.com/profile/10331640823210769764noreply@blogger.com0tag:blogger.com,1999:blog-7091831561253694812.post-2472959368416869822008-01-07T14:57:00.000+01:002008-01-09T23:45:24.588+01:00Data portabilityRecently I came across the <a href="http://dataportability.org/">data portability</a> concept. Finally, it seems that the idea is gaining hold that <span style="font-style:italic;">you</span> should be the owner of the data that describes you. Not Facebook or any other organization which tools you use.<br /><br />This article covers some of the issues: <a href="http://www.particls.com/blog/2008/01/top-3-privacy-issues-for.html">Are You Paying Attention?: Top 3 Privacy issues for Data Portability on Social Networks</a><br /><br />Now to argue one step further, I think you should not only be the <span style="font-style:italic;">owner</span> of the data describing you, but also the <span style="font-style:italic;"><a href="http://egosphere.blogspot.com/2007/03/profile-problem.html">designer</a></span>.razor_nlhttp://www.blogger.com/profile/10331640823210769764noreply@blogger.com0