Opt-in controls for allowing your info to be Exported
The time is right for our industry to come up with a way for users to control their profile and social network data. Whether it be access control, exportability or even the right to have email sent to you - user’s need to be in control.
This whole Scoble affair has highlighted a necessity which I plugged awhile back - which is that we need - opt-in controls - that give every user the ability to control en masse (or maybe even on a case by case basis) - who can export their personal data (mainly email address) via a ‘friends list’ export.
This is what Robert Scoble was doing - utilizing a new Plaxo util which scraped Facebook and exported Robert’s friends list email addresses into Plaxo Pulse. Well what happened was that Facebook suspended Robert’s account - only to turn it back on later.
The whole scripts scraping sites thing is a no-no - and Facebook turned off Robert’s account to make that clear. But what this controversy highlights is an issue we brought up in our Bill of Rights for Users of Social Media.
Just who owns this data that is associated with one’s personal profile account?
The Scoble controversy exacerbated an issue which isn’t going to go away. Whether you believe people really want to move their data or just inter-operate between networks (as Dare Obasanjo differentiates) the political issue is “who owns the data in the first place?”
There are so many peripheral issues surrounding this basic premise - that lets leave it at “the vendors who have the data on their hard drives” - control the data - unless they do something otherwise. Mary Hodder changed her TOS for dabble - but I know of no other vendor, including Plaxo - who has matched Mary on that freedom she granted her customers.
Dave Winer brings up the issue of controlling exactly what we expose to who - which is what Hans-Peter Brondmo was talking about on our panel in Paris - last month.
And there are numerous arguments for and against Robert and Plaxo - ranging from wild support and enthusiastic embracing of the principles of users controlling their own data (”Should GMail, Yahoo and Hotmail block Facebook“), to out right admonishment and disgust (”Scoble: freedom fighter or data thief?“)
As usual there’s two sides to the story.
On one side is Facebook - which it says is ‘protecting the privacy of it’s users‘ by preventing folks access to the email addresses of their friends. At least the export of those email addresses - along with the ’social graph’ info that is inherent in one’s list of friends on Facebook. Many folks support this notion and defend Facebook for preventing this access.
On the other hand is Joseph Smarr, Robert, Michael Arrington and myself (and 100’s of others) wrote up a Bill of Rights for Users of Social Media in anticipating these very issues. We feel that Facebook does not own our data - we do. And by preventing services like Plaxo’s Export thingie/script from freely operating - they are breaking our Bill of Rights.
Facebook has been ‘hiding behind the shroud of privacy‘ for awhile now - but you can see that it’s not so simple as one of our co-authors (Arrington) says that Plaxo ‘flubbed it’.
What alternative did Plaxo have Michael?
The issue is the origin of all this user data. Clearly - as Kara points out - MOST - of Robert’s data is his own, but as Dare and others point out the email addresses in fact are the possession of the friend, not Robert. Robert’s right to have a copy of that email and to be able to easily contact that friend - is the question.
This is where an opt-in control would solve the problem.
Facebook and all social networks should build in a feature which empowers users to control whether or not their email (and other info) could be exported if they were on some friends list. So all of Robert’s 5,000 friends would have to opt-in to allow ‘exporting of their data’, before he could gain access to those email addresses.
THEN Facebook (and others) wouldn’t have a leg to stand on. By providing an explicit opt-in mechanism end-users would have to check “YES - I want to allow my email address to be exported inside of my friend’s lists of their friends“, which at that point who are YOU Mr. Social Network vendor - to prevent me from doing what my friend’s say is OK?
Now where’s your privacy’s claims?
If we had such an opt-in control and if it was agreed to between social network vendors - then we’d be there.
Certainly its a great day for Plaxo and DataPortability.org. I’m just not sure how fun it was for Robert. We’ll find out ‘on the bus’.
January 3rd, 2008 at 10:39 pm
Marc: I just wanted to let you know that I read and appreciated your response on this subject from a few weeks back… comments were closed by the time I got around to replying.
Anyway, I did misunderstand, and we’re much closer to agreement on this than I initially believed. I see no reason why Facebook or any other major player would avoid an opt-in export option. Yeah, it will allow second-stringers like Plaxo to score PR points when an A-lister like Scoble bounces from service to service with a subset of his friends list, but as this latest stunt demonstrates, the lack of export is just as likely to be played against them.
January 4th, 2008 at 12:38 am
If FaceBook shows you an email address and stipulates that you can’t use it outside of their system, that’s funny; what’s to stop you? Doh. This is a false debate.
If you want opt-in controls for this; that’s cool. But default data must first be “obfuscated” - otherwise opt-in is meaningless.
January 4th, 2008 at 2:36 am
I find this interesting in the context of LinkedIn and Webmail services like GMail. And particularly interesting because Plaxo is involved. We would be horrified if Mail *didn’t* allow us access to the email addresses of our friends. So it’s common to have CSV export and an API for getting them. This in turn leads to libraries like Octazen that enable the “find my friends on this service” function in every new YASN. LinkedIn sit in the middle of the spectrum. They’ve had a CSV export of email addresses for a long time. Nobody bat’s an eye at this despite the fact that there’s no opt in. Meanwhile Plaxo have built a business on syncing all this data between your different data stores of emails. And yet, they don’t have a formal API for querying the data, perhaps because their business is built on selling you the tools. Which leads to Octazen being unable to get *your* contact data out of Plaxo. This wasn’t a problem until Plaxo started being a YASN as well. By the time we cross the spectrum into MyOrkutFace territory we’re seriously into (Bat Country!) VC funded member growth at all costs. Now it’s not in their interests to allow any export ever. The only thing that matters is viral growth[1], stickiness and page impressions.
Over on my tiny site, Ecademy, we took the decision a long time ago to provide as many APIs as we could and to expose any data that was available as HTML in machine readable formats. If you choose to show your email address on your profile, you must expect it to be available in FOAF, VCard, CSV and whatever else I can support. So the opt in is “Am I visible” and “which of my contact details are visible”. Once that’s done, the rest follows.
[1]I’m afraid I now hate Facebook. Every function in there is a poor copy of better functions provided by single purpose applications elsewhere. eg Twitter, Upcoming, phpBB, Flickr, Wordpress, etc etc. The one and only thing it’s good at is being viral. The one thing going for it is that there’s lots of people there. The real trick in 2008 is going to be interop between all the special purpose sites so we don’t have to do the “Am I Your Friend? Y/N” dance on each shiny new Social Site we sign up to.
January 4th, 2008 at 3:36 am
This is my stance too, the users should be in control of their data, they have the option of which container it heads to.
January 4th, 2008 at 6:55 am
[…] an invitation to the site to join their push for a single standard. Marc Canter thinks we need better access controls for our data, and Chris “Factory Joe” Messina thinks that we need to move away from […]
January 4th, 2008 at 9:46 am
[…] As expected… Marc Canter’s take. […]
January 4th, 2008 at 10:36 am
In our tiny site, EnThinnai (which will become a tiny application that users will run it on their servers) every speck of data is controlled with opt-in (with default deny) supported by “two-way API”. There need not be any SN provider to realize the services of SNs.
January 4th, 2008 at 10:47 am
[…] « Opt-in controls for allowing your info to be Exported […]
January 4th, 2008 at 11:12 am
[…] Marc Canter argues that if data portability is to be done properly, social networks or any service which invites users to submit contact data should give users opt-in controls… that give every user the ability to control en masse (or maybe even on a case by case basis) - who can export their personal data (mainly email address) via a ‘friends list’ export. […]
January 4th, 2008 at 12:05 pm
[…] example, Marc Cantor feels that opt-in control would solve the problem. He states: By providing an explicit opt-in […]
January 7th, 2008 at 9:30 am
[…] is lastiger dan het lijkt, misschien dat de opt-in suggestie van Marc zo slecht nog niet is… Stem op dit artikel of voeg het toe […]
January 18th, 2008 at 2:46 am
[…] sind erste Symptome einer Auseinandersetzung, die gerade erst beginnt. Der Kampf ums Profil. “Wem gehört das eigentlich”, wird spätestens dann gefragt werden, wenn ich Dank openID nicht bei jedem Social Network meine […]