Identity / Profiles / Trust

I read two interesting articles today, both on companies adjudicating the content of messaging:

Firstly, this story on Search Engine Land about Google maybe interdicting false linkbait stories, Matt Cutts saying:

My quick take is that Google's webmaster guidelines allow for cases such as this: "Google may respond negatively to other misleading practices not listed here (e.g. tricking users by registering misspellings of well-known websites). It's not safe to assume that just because a specific deceptive technique isn't included on this page, Google approves of it."

There's not much more deceptive or misleading than a fake story without any disclosure that the story is hoax.

Secondly, Facebook looking at censoring user messaging:

If you ever get the itch to use the word "yuwie" or perhaps make reference to "wadja.com" - don't bother. "Some of the content you included in this message is not allowed by Facebook," is the message you'll get in response. Both of the above are small social networks, but you can't even send a message about how something disgusting (like yuwie.com's site design) made you say "yuwie, that smells bad!" On principle, the whole thing stinks.

Obscenity isn't blocked by Facebook, I was able to send a message that said "John McCain is a f*cking Nazi" (asterisk free) with no problem.

(Wadja etc are Facebook competitors - f*cking Nazis are not)

Google is trying to be helpful, though it may be in real danger of getting the law of unintended consequences applying. Facebook is just being Facebook - Umair Haque would argue their DNA just started evil, no doubt.

The thing that interests me more about these happy groovy "Web 2.0" players is that they are even considering message interdiction - the "Web 0" usenet, and Web 1.0 tools (email, IM) by and large did not. Clearly though, there is something now in the Zeitgeist and that is concerning to anyone interested in user privacy and other rights

Update - here is another interdiction call - a woman who has been called nasty names and had identity details "outed" on Twitter wants to get her "stalker" banned from the service. Twitter had a look at the person's behaviour and its terms of service, and decided this was not its problem.

I think Twitter are right - this is another case where doing the politically correct / expedient / nice thing - interdicting the nasty-person - is probably the wrong thing to do big picture as it sets a dangerous precedent for the rights of all users. There have always been a**holes on the internet, and the "social net" means that most people - inadvisably in our view - have put more data about themselves on it than they should. I suspect we will see more and more of this on Social Networks as opponents, jilted lovers etc trawl the archives to expose your digital detritus. (Incidentally I see that the complainant also works for a Twitter competitor - hmmmmm )

A friend asked me which was the best system for posting from Twitter to blogs, I hadn't tried out any so initially set up the Twitter one, that posted friends' feeds to the RH side of this blog. It works very well.

But I've taken it down.

I didn't like 2 things about it:

(i) It posted people's real names, not their Twitter handles

(ii) It posted stuff from people who had asked that their posts be kept private and visible only to their friends.

Its an interesting lesson in privacy - just because you set certain privacy rules in one social network it does not mean that those rules will be kept once data is exported.

When we looked at how to avoid Phorm phishing our digital footprint, we thought the obvious way was to generate "white noise" - ie a whole lot of spurious behaviour that masked our real behaviour - we looked at using the Dogpile live search feed to throw back into the system for example.

(FYI - Dogpile is my default search engine, has been for 8 years - it searches all the others and You Know Who knows less about me that way)

It looks like others have had a similar idea, notes El Reg:

Coding activists have developed an application designed to confound Phorm's controversial behaviour-tracking software by simulating random web-browsing.

The folks behind AntiPhormLite says this means actual browsing habits are buried in noise. The app, which is available free of charge, is designed to poison the anonymised click stream Phorm collects with meaningless junk, thereby (at least in theory) undermining its business model.

Like with killing popups, the Web will find a way - I expect it to be automatic in browsers within months. How that will impact Phorm's "interesting" public valuation I don't know, but I guess we will find out in fairly short order......

The Register points to the "makeover" Phorm has been giving itself on Wikipedia:

Phorm has admitted that it deleted key factual parts of the Wikipedia article about the huge controversy fired by its advertising profiling deals with BT, Virgin Media and Carphone Warehouse.

The tracking and ad targeting firm said in an email: "We wanted to clarify a number of inaccuracies in the Wikipedia entry on Phorm."

As El Reg notes, this desperate want has led to practices which are actually violations of Wikipedia practice, never mind telling porkies....

The spokesman said Phorm's PR team had not been aware of Wikipedia's policy on conflicts of interest. Among many other rules they violated, it states: "Producing promotional articles for Wikipedia on behalf of clients is strictly prohibited."

A BT representative meanwhile wrote in an email: "I don't see anything wrong with correcting Wikipedia articles about your own company or services."

However, the edits made by Phorm included silencing factual primary information, that has been acknowledged as correct by the parties involved.

I thought Wikipaedia was also violated if you wrote about yourself on it - clearly Corporates think they run on different rules?

This was fairly high profile, given Phorms' prior form, but one wonders how Wikipedia will deal with the daily drip drip drip of PR attacks. In the great fight between enthusiastic amateurs vs paid professionals, at some point amateurs usually run out of time, money or energy. One can only hope Clay Shirky is right, and enough Everybody's continue to come along to put things right.

Update - friend pointed me to this article with video debates on Wikipedia, including arch chatterati hate figure Andrew Keen Addresses some of the issues covered above.

If imitation is the sincerest form of flattery, then cutting someone else's work and pasting it on your own blog is downright adulation - this is a fascinating piece of analysis by Louis Gray, shows what is possible with crunching Social Network data.

The new company profiles on LinkedIn are a gold mine for reporters who want to get data beyond what the PR guys may want to dish out. (See: LinkedIn Is a Paradise for Smart Reporters)

Want the average age of an employee? A good estimate is on LinkedIn. Want to know if there is a high level of turnover, and people don't stay long? LinkedIn has that too. It also can provide hints as to whether a company is so strong that folks aren't leaving at all, or if they are leaving in exodus. And if you peer closely enough, you can see the Silicon Valley carousel, as employees move from company to company in search for the next big thing.

You can see employees move from PayPal to Google, Yahoo! or LinkedIn. You can see Friendster employees went to Yahoo! and Zazzle, or from Napster to Apple, Yahoo!, Microsoft and Google. And if you think Google is getting all the good employees out there, there's no question they get their share, but so far, it looks like Facebook is getting a lot of new hires, and nobody's leaving - a boomtime for the social networking giant.

Interestingly, due to Apple's tenure, and the company's rising from the ashes with the return of Steve Jobs, you can see employees that once left the company have returned, having never lost the Mac religion.

Check out the diagrams on Louis' blog. The thoughts Pandora and Box come to mind................

Data portability has been climbing the Tech Buzztrends for awhile, but this BBC note from Sir Tim Berners Lee implies to me that we need to get the privacy horses sorted out before the portability coach is harnessed up:

Sir Tim said he did not want his ISP to track which websites he visited.

"I want to know if I look up a whole lot of books about some form of cancer that that's not going to get to my insurance company and I'm going to find my insurance premium is going to go up by 5% because they've figured I'm looking at those books," he said.

Sir Tim said his data and web history belonged to him.

He said: "It's mine - you can't have it. If you want to use it for something, then you have to negotiate with me. I have to agree, I have to understand what I'm getting in return."

This is probably my main interest area in the development of VRM - my data has a value, and I'm damned if the Internet is going to be a system that extracts it from me without some benefit. And long before I am worried about its portability, I want some guarantees as to its privacy. In particular, Sir Tim was worried about Phorm, a company which tracks web activity to create personalised adverts - the BBC says that its:

...system offers security benefits which will warn users about potential phishing sites - websites which attempt to con users into handing over personal data.

The advertising system created by Phorm highlights a growing trend for online advertising tools - using personal data and web habits to target advertising.

In our view the best way for the ISP-level Web to go is as a neutral supplier of service, as Sir Tim notes:

"I myself feel that it is very important that my ISP supplies internet to my house like the water company supplies water to my house. It supplies connectivity with no strings attached. My ISP doesn't control which websites I go to, it doesn't monitor which websites I go to."

More worryingly for us, it looks like our ISP, BT, has signed up for Phorm. The thing is, I am already paying for my ISP connection, I really, really don't want advertising models on a paid-for service.

Well, we objected strenuously to Facebook Beacon, and are now no longer on that site. Rest assured we shall evacuate any provider that tries to foist Beacon, or Phorm, or whatever comes next, on us.

Update - I've just found out that there is an e-petition against Phorm, over here.

Update II - I am seriously enjoying the Slashdot discussion on this

Update III - the FIPR have written a letter to the Information Commissioner alleging this is illegal.

The reason we got interested in VRM initially was a project we were working on awhile ago which we called "white label Identity" - we were getting increasingly worried about just how much the search engines and consumer sites were able to glean from your digital footprint.

The idea was to have a service that knew who you were, so it could authenticate you, and it then represented you - and many others - in your cruisn round the web. So Google et al don't see you, Jo/e Sixpack, with your surfing history and credit card number, but instead see an aggregated identity doing many different things, and when you want to spend money the White Label just says "yup, I'm up for that - charge it"

Anyway, I was reminded of that when I read this paper on "Identity Escrow" - its a much catchier term for what we were looking at (the skill with many of these "old wine" ideas is the correct labelling of the new bottle methinks

Now, at the time, when we tested the idea the two things that came back instantly were:

(i) A lot of people would immediately want to be very certain it wasn't being used for money laundering etc, so the entity running it would probably have to be fairly well regulated to be trusted (or set up in the Cayman Islands - hmmmm...). In Europe anyway, national Telcos emerged as trusted parties for this service, banks at a push, HM Gov (before the disks fiasco), but certainly not dodgy startups.

(ii) At the time (c 3 years ago) the rank and file out there couldn't give a toss about security anyway and wouldn't pay tuppence ha'penny for it - and to be honest, looking at the collective "So?" that has greeted the revelations about Facebook Beacon etc, I'm not sure its much better now

Anyway, we wrote the report, took the money, and went off to fields anew - However, I do note that towards the end of last year and since, there have been increasing rumblings, and the emergence of stuff like VRM makes me think this is an area whose time is coming.

Good article on GigaOm re privacy and gradations of paranoia:

Feeling Practical But Not Paranoid?

Do not use desktop search tools like Google Desktop or Microsoft Desktop Search. A full index of every keyword on your hard drive in the hands of marketers is very useful for the purposes of targeted advertising.

Do not use webmail from a service provider like AT&T, Google or Microsoft. Same reason as above, except here it applies to every email you send or receive.

Do not use browser toolbars or desktop gadgets. Both of these types of add-ons from companies like Yahoo and Google are known to gather information on your online activity for marketing purposes.

Remove all social network accounts. There is loads of good information there that can be used for targeting and correlation. At the very least, remove all personal information and have a username that does not give any clues to your true identity.

Which is no doubt why certain SocNets want Real Identities

Clear your browser cookies after every session. Alternatively, only search using Ask.com and enable AskEraser. To take erasing your footprint a step further, do not accept any browser cookies by default. This additional step will make web surfing slower and more intrusive as you will have to manually accept or deny cookies. That being said, if you surf for an hour without accepting cookies by default you will become much more aware of them, and that in and of itself could prove enlightening.

It is indeed enlightning......I don't know if y'all have ever tried CrapCleaner but its a nice little package for cleansing the system.

Change your local username daily. Browsers and other software have been known to pass local usernames to servers as part of their operation. If your username is something like “first.lastname” this is clearly useful information for data collection purposes.

Use Opera. With Opera, you can mimic another browser’s identification string, which helps mask your browser’s settings and reduces the information that you send to a web site when you visit.

Must say, I don't do these last two....

Paranoid and Happy to Admit It:

Do not make international phone calls. Even if warrantless wiretapping by the NSA does not concern you, you need to be aware of Echelon.

Do not have a home broadband connection. If you have a home broadband connection, a network service provider can map your name to your IP address to your physical location. Again, your name, where you live and your Internet activity is all useful information for marketers.

Use free Wi-Fi. If you don’t have a home broadband connection but you will still want to be connected, find a free wireless access point at a local coffee shop. To further hide your existence, every time your computer associates with a wireless access point, manually change your MAC address.

Install a host-based Intrusion Detection System (IDS) like OSSEC. Assuming that you are already using a personal firewall, anti-spam and anti-spy software, a host-based IDS will ensure your computer isn’t being used without your knowledge. For an additional level of security, you could block all Internet traffic except for HTTP (port 80) and then log and trap anything else.

It will be interesting to see how long it takes for obfuscating routers and MAC address auto-switchers to emerge. And if you are certain they are out to get you...

If you’re not satisfied being paranoid and want to venture into the land of Ted Kaczynski, you should give up on email, not have a home phone, use a pre-paid mobile phone that you change frequently, get all of your physical mail at a P.O. box and do every transaction (including buying a home or cabin in the woods) with cash.

There is an interesting article from Sandy Pentland of MIT (pointer via Nick Carr).

The subject is Reality Mining:

Reality Mining defines the collection of machine-sensed environmental data pertaining to human social behavior. This new paradigm of data mining makes possible the modeling of conversation context, proximity sensing, and temporospatial location throughout large communities of individuals. Mobile phones (and similarly innocuous devices) are used for data collection, opening social network analysis to new methods of empirical stochastic modeling....

...Our research agenda takes advantage of the increasingly widespread use of mobile phones to provide insight into the dynamics of both individual and group behavior. By leveraging recent advances in machine learning we are building generative models that can be used to predict what a single user will do next, as well as model behavior of large organizations.

So far so good...in fact Telcos have been doing this for decades (remember Friends and Family), and the Mobile aspect has been around awhile so no surprises there. However, predicting what an individual will do next is emergent - the sheer processing power and data required has made this impractical in the past. But here's where it gets even more interesting...

Just look at a cell phone. It knows where you are, and this is obviously sort of useful. But the generalization is that maybe it can know lots of things about you. Take your Facebook friends as an example. The phone could know which ones you socialize with in person, which ones are your work friends, and which friends you've never seen in your life. That's an interesting distinction, and reality mining can make it automatic. It's about making the "dumb" information-technology infrastructure know something about your social life. All this sort-of Web 2.0 stuff is nice, but you have to type stuff in ...

This reminds me of the thoughts I had when I was listening to Leisa Reichelt talk about Ambient Intimacy at FOWA, ie the "intimacy filters" are just too coarse today. We had earlier done a piece of work on what we called a "Multimedia Directory", ie something that links all the directories you have into one system. I was well aware of the level of analysis a network operator can apply to a social net then, so at the time I wrote:

....If presence data is persistently out there, it means others can potentially see every 'phatic transaction you ever made, a thing which we humans have devised a huge number of routines around keeping fairly private in real life - or at least we have always worked in social nets where it is non persistent so memory fades (so I can't count the number of times Leisa poked Jyri rather than me in the last 10 years, for example) - so making it extremely clear where we stand with each other in relation to others is potentially quite explosive.

In a way Twitter measuring all the @xxxx links is an early day implementation of these concepts

However, reading this article tonight has pushed my thinking further. If you take the transactions going on by definition in any ambient intimacy world, deep monitor the way you attend to the stimuli, and hit the events with reality mining, you get a system which is Beacon on steroids (Beacon does not yet see your ambient comms across all media). And as Pentland notes:

"The people making policies don't know what is [technologically] possible, and they don't necessarily make policies that are in our best interest ... These capabilities are coming, but we have to come to a new deal. It doesn't do any good to stick your head in the sand about it."

And as we have learned with Facebook Beacon, there are people who are fully aware of what these systems can do, and are desperate to do it despite "smart user" concerns as it is clear the rank and file don't know / don't care.

Thus I think we need to start to think very clearly of how to obfuscate our ambient intimacy tracks, because UM / SocNet systems like Twitter and Jaiku are the start of these sorts of systems, and if Facebook, Google, or even Yahoo can get their hands on your composite online and telephone activity together, then, as Nick notes:

The commercial value of reality mining is far too great to restrict the technique to the ivory tower. The resulting intrusions into personal privacy could well be dramatic

We were wrong re the Twitternuts being more secure now - music hath charms to soothe a savage breast, but Twitter on the other hands seems to invoke savage passions in those same breasts. GigaOm's Anne Zelenka has royally fisked Scott Karp's complaint about the Signal To Noise ratio on Twitter:

Isn’t that what human interaction is like? Sometimes there’s an urge to say something just for the sake of saying something — just for the sake of interaction or recognition. Sometimes there’s conversation that doesn’t really mean anything; there’s no signal in the noise of ambient intimacy.

Oh it’s the old productivity thing! Got to optimize the human right out of our lives:

I agree with Scott btw....Twitter is a River of Trivia - but I wanted to pick up on the Ambient Intimacy point (I referred to it in my original post on the matter yesterday, seems like its been picked up ) as I had some thoughts on this when I heard Leisa Reichert speak on the subject at FOWA.

Firstly, unlike ambient music where I can still multitask, ambient intimacy means I have to turn my attention to the messages (like email in the early days...you just had to respond then and there) and frankly I don't have the time ( and after the novelty has worn off, the interest ) to keep that low level of social grooming going.

Secondly, some people then abuse it - it becomes "push voyeurism" at best, ego-spam at worst, and the Signal to Noise ratio hits the roof. So you have to turn off the whole person, and thus miss the stuff they say which may be relevant

I have a suspicion that Twitter is most useful for people with a lot of "lumps of time" on their hands - either home-alone-workers, or frequent travellers (or, dare it be said, distracted employees) - and for them its a useful medium to connect as they have time to manage the Noise bit down.

However, to really work scalably it requires us to have - and this was my discussion with Leisa after her talk - "Intimacy Filters" which can take context from the network parameters and winnow the twits down - ie the SocNet has to be far more nuanced than it is now to be useful as a utility for most people.