Brian Aker [02.02.08 12:19 PM]

Hi!

Somewhere on the web I saw a comment where you have a conference coming up where a keynote speaker is married to your daughter (BTW this is not me calling you out on this, I think it is just fine... we live in communities).

If someone could have just selected the individual and seen this relationship through a simple graph would it still have been news? Knowing that this information would be clearly visible make you more or less likely to put him on stage?

Personally I love how this information is going to make us better consumers of society. We stand to gain the chance to better understand our environments. When I go to interview someone I will be able to better understand why the person is being interviewed. When I read something I would like to know which of my other friends read a particular author.

I believe there is a chance that there will be a backlash and people will attempt to become more private, but I seriously doubt this will succeed. There will be an education cycle where individuals are surprised to see how much information is available on them, but this will just make more people aware of what they share.

Someday Google, or its descendent, will be paying old people to walk around with cameras attached to their walkers. They will earn pennies on what they record and provide back to the internet. Toss in facial recognition and we will be able to build charts of who has met who, and how often they interact. Privacy is a sham.

Cheers,
-Brian

Oscar Trelles [02.02.08 12:38 PM]

I was having the same debate myself this morning, while playing with Google's API. My current thinking is that the advantages of having a standard for relationship discovery are significantly superior to the potential risk of abuse.

Chad Allen [02.02.08 01:07 PM]

I disagree.

"It's a lot like the evolutionary value of pain. Search creates feedback loops that allow us to learn from and modify our behavior. A false sense of security helps bad actors more than tools that make information more visible."

I think you're justifying the security and privacy violations to yourself, because, lets be honest O'Reiley Media and it's affilates make a ton of money off peddling this stuff.

For you to even mention that you personally justify the means by saying "bad people would do it anyway" doesn't bode well for your argument. "What are the Indians complaining about? Someone would have taken their land anyway."

Social Media, Social Networking, Social whatever - all boil down to one thing. Voyeurism. Humans are intrinsically voyeuristic - Americans especially. Reality television? Voyeurism. MySpace, Facebook and it's related kin? Voyeurism. It comes down to the human condition and a humans need to compare themselves to another human. What age group is this most prevalent in? Young people. Ages 10-~25 are constantly comparing themselves, what they have, and what they want, to others. What age group are social networks most prevalent in? Ages 10-~25.

Creating an "image" in the form of a personal page, or by adding certain top friends, or which kind of dumb 'quizzes' people take, the brands I affiliate with all boil down to creating an image of myself, that you take that image and compare it to others on the same "social network".

Seriously. This stuff isn't as complex as you people make it out to be. It comes down to my "image" - "persona" if you will and comparing that to others. AKA voyeurism.

Ben Bangert [02.02.08 01:54 PM]

First, "security by obscurity".... no, its actually called having privacy and control over your own data. Don't bring out a classic anti-closed source argument to try and make it obvious we should sacrifice our privacy for no good reason.

Second, their absurd argument that its 'all public data anyways' is 100% completely false. Show me a website that tells you the emails and web personas of all my family, I know it isn't out there. You might be able to find some people on a friend list on FaceBook, which might tell you about who I choose to connect to there. But with the current privacy restrictions, you don't know the relation of those people to me, and I'll be deleting my FaceBook account promptly should they ever decide to make that data public. People DO care about how much data is exposed, as the recent hoop-lah over the FaceBook Beacon program should have demonstrated. And that's far less invasive compared to Google's Social Graph API.

Most of the data that is public, is not necessarily exposed with the users full awareness, which should lead people to question if it really should be public. Merely pointing to places where this data got exposed, as a sign that it should be exposed, is a completely invalid argument. It's like arguing that murder should be legal because people have murdered. The fact is, all of this data is not public, and its definitely not nearly as thorough and detailed with regards to relationship types as the Social Graph pushers would like. Not to mention many people on the services where their links were exposed might not be fully aware of it.

In the end (ignoring the first 2 points entirely), we have two ways that can accomplish the handy social portability that seems to be desired:

• A Google Social Graph API type system, where all your data is at Google, and all your privacy is in their hands.
• A distributed system, like several that have been proposed with specs being made, where your data is in your hands, and your privacy is in your control.

Given these two choices, why do you pick the one that torpedoes privacy and control, when there is a choice that doesn't? Have you asked your daughters how they'd feel about having all this data about their relationships exposed? Is there a large group of people at Social Graph Foo from the ACLU, EFF, and, and the Privacy Rights Clearinghouse to represent the people who will be affected by all of this?

Thomas Lord [02.02.08 03:34 PM]

Tim,

First, I take exception to the idea that innovations such as Google's "make us smarter." Your defense of the Google Social Graph API suggests that, in this case, it has made you, for one, dumber. You say "Google is showing us what data they do have in their hands". Really? Ok, I'll take a copy of all correlated data from Gmail, click trails, and searches please. Not available you say? Hmm. Can I please have a report about any metrics they might develop about what advertising programs seem to boost participation on the Google Social Graph? What's that, trade secret, you say? If they are following the intel community's practices,they'll be monitoring the dynamics of change in the social graph from various perspectives: may I please have copies of all of those algorithms, audits of the use of their database, and any or all executive reports formed from the data? Shucks, I guess I ask too much. Well, at least I can probably ask for voice-prints of many users and, perhaps, some aggregate data about patterns found when social graphs are correlated with location data from Android.

Your cheer-leading helps not only confuse understanding of the problems but, more importantly, to create the problems. It started with GNU/Linux being taken over by the open source opportunists to create the first Internet bubble, followed by your Web 2.0 analysis of what characteristics the "survivors" of the first bubble had in common. Like Esther before you hold considerable sway over the investment community. More subtly, over the hacker community for what do eager out-of-left-field hackers take up these days but to try to improve their web application toolkits for "social networking" features or their doomed-to-fail but meme-spreading unwashed start-up attempts?

I can't see much need to look beyond the response of kids who participate because they'll be ostracized otherwise, or young adults for whom (other than those trying to bootstrap bands) the services make a poor substitute for mailing lists.

A better definition of Web 2.0 might be "services which aim to stalk users, and to modify the behavior of users to make them easier to stalk".

Your personal perspective on all of this, and that of many of those you directly deal with in business, is a very uncommon one. You're a world traveler very close to high finance and industrial leadership. You interact or are one off from many more people in those classes than most. Of course you want the world's ultimate address book. That's mostly just you guys, though. The meaning of what you're hypnotizing each other into building out has an entirely different set of meanings for "the rest of us".

-t

Ben Bangert [02.02.08 03:50 PM]

Tim --

I've read the Social Graph API, yes. Have you asked some people from the ACLU, and the Privacy Rights Clearinghouse what they think of building up this huge trove of social graph data, and encouraging users to spill their guts on who they know and how they know them?

The base data set that Google has, that is, a declaration of all 'public' data as inferred purely by linking people to their sites, and the sites to each other, is mostly harmless (Though I still wonder what Kaliya would think about that being so easy to dig up). It's the additional data, that is currently private, the values of these relationships... that is where the privacy situation gets worse. Google already indexes the XFN data that indicates these relationships, and I'd be surprised (though pleased) if they didn't let you easily give up that private data in the page you posted where you were able to 'correct' data.

I've been playing a bit with the Social Graph API, and so far, its mostly useless. It's about as useful as finding someone with Google Search... which was unable to find a bunch of people I found from the more detailed data Facebook got people to supply. I'm sure Google would like that level of detail (and private data), so I won't be surprised when they let the users decide to spill their guts by marking up the relations and adding more data. This is where it will clearly be accumulating large troves of private data, by encouraging users to declare it 'public'.

Granted, this is just where I think its headed, and since I'm not on any sites that are publishing XFN's of detail on me, Google's Social Graph search results for me and quite a few of my friends I know, are pretty lousy. And I'd really like it to stay that way. There's a lot of users that have data out in XFN because a service they're on added it, and they most likely didn't notice. What's being done to ensure all the existing XFN data out there was put out with the explicit permission of the people it belongs to? And no, I don't mean some user agreement buried in legalese in a Terms of Service.

Thomas Lord [02.02.08 05:37 PM]

Tim,

"What is possible" is actually a very, very large space. Many things are possible.

The fallacy of the broken window applies here. In spending a lot of money and advertising and consumer attention building out social networks, we are spending resources that could also be spent building out other possibilities.

So there is some arbitrariness to the accident that the emphasis wound up where it did. One might speculate that it's "determined" by "human nature" but to move such beyond speculation would be very hard indeed. Rather, it again and again becomes apparent in retrospect that the "technological breakthroughs" that dominate what gets built out are nothing of the kind. The thoughts were there earlier. Other options were on the table. Factors external to simply the march of technological process influence which of the "what is possible" futures we actually pick.

I take it you are at foo camp? Listening to a lot of people who already agree with you on many issues? Who in one way or another agreed to enter this echo chamber where even disagreement is narrowly constrained to conform to a small number of agreed upon debates? And you are surprised that you come away with your views reinforced? Perhaps no more than slightly tweaked in the yes/no bits of a few sanctioned "controversies?"

Don't act so surprised. You need to get out more.

-t

Thomas Lord [02.02.08 07:29 PM]

Oh, don't think of me as negative. That's a harsh rumor and gets spread around by unscrupulous types.

I've been around a bit, that's all.

A better criticism might be "power grubbing." Why do offer my little exercises in impolitic analysis on power blogs like this one, otherwise? Maybe it's just a stunt. Have I hit you up for investment money lately? Take the renewal of that attempt as read, please.

Why do I want this kind of power? I dunno... I'm just trying to do what experience and teachings led me to see no obvious alternative to. That's how it goes. It's the flip side of your coin, in some sense.

-t

Phil Wolff [02.02.08 08:40 PM]

Scarfing up previously encoded public social graphs is easy. The hard part is working with layers of authorization, privacy policies, archaic/aged data, etc.

The current api is a useful experiment in learning the state of publicly exposed social graphs. But the real value will come from digging deeper.

gregory [02.03.08 08:09 AM]

omniscience is what is possible for consciousness ... we are on the way to everybody being able to know anything at any time...

the various ways in which this growing ability out-pictures itself technologically is of very little importance, the flow from here to there doesn't care

enjoy, gregory

Tony [02.03.08 02:14 PM]

If these sorts of dubious innovations were forced upon users of desktop software as opposed to online services, we'd call it what it really is - spyware.

Its great that so many of the most talented minds of my generation are working to solve the hard problem of how to migrate my contacts from friendster to facebook, saving me untold minutes of toil that could otherwise be spent playing scrabble. If there is some other deeper, explicit, user-centric value to these efforts, it remains largely unarticulated by you or any of the other champions. The vagueness of the whole enterprise at best signals a lack of imagination, at worst is just spin to mask the Faustian ambitions of a group of entrepreneurs. At least you're honest enough to tell us the truth that this new reality will make us feel ill.

In the specific case of Brad's social graph API, the only use I can imagine it being put to at present is that very soon I might be getting spam that spoofs the names of my actual friends instead of wholly fictional names.

zephoria [02.04.08 09:11 AM]

Tim - I just posted this response to your post to my blog, but I thought I'd repost it here because I'd love to hear your thoughts.

just because we can, doesn't mean we should

Learning to moderate desires and balance consequences is a sign of maturity. I could eat only chocolate for all of my meals, but it doesn't mean that I should. If I choose to do so anyhow, I might be forced to face consequences that I will not like. "Just because I can doesn't mean I should" is a decision dilemma and it doesn't just apply to personal decisions. On a nation-state level, think about the cold war. Just because we could nuke Russia doesn't mean that we should've. But, just like with most selfish children, our nation-state thought that it would be infinitely fun to sit on the edge of that decision regardless of the external stress that it caused. We managed to grow up and grow out of that stage (although I would argue that our current leadership regressed us back to infancy).

I am worried about the tech industry rhetoric around exposing user data and connections. This is another case of a decision dilemma concerning capability and responsibility. I said this ages ago wrt Facebook's News Feed, but it is once again relevant with Google's Social Graph API announcement. In both cases, the sentiment is that this is already public data and the service is only making access easier and more efficient for the end user. I totally get where Mark and Brad are coming at with this. I deeply respect both of them, but I also think that they live in a land of privilege where the consequences that they face when being exposed are relatively minor. In other words, they can eat meals of only chocolate because they aren't diabetic.

Tim O'Reilly argues that social graph visibility is akin to pain reflex. Like many in the tech industry, he argues that we have a moral responsibility to eliminate "security by obscurity" so that people aren't shocked when they are suddenly exposed. He thinks that forcing people to be exposed is a step in the right direction. He draws a parallel to illness, suggesting that people will develop antibodies to handle the consequences. I respectfully disagree. Or rather, I think that this is a valid argument to make from the POV of the extremely healthy (a.k.a. privileged). As someone who is not so "healthy," I'm not jumping up and down at the idea of being in the camp who dies because the healthy think that infecting society with viruses to see who survives is a good idea. I'm also not so stoked to prepare for a situation where a huge chunk of society are chronically ill because of these experiments. What really bothers me is that the geeks get to make the decisions without any perspective from those who will be marginalized in the process.

Being socially exposed is AOK when you hold a lot of privilege, when people cannot hold meaningful power over you, or when you can route around such efforts. Such is the life of most of the tech geeks living in Silicon Valley. But I spend all of my time with teenagers, one of the most vulnerable populations because of their lack of agency (let alone rights). Teens are notorious for self-exposure, but they want to do so in a controlled fashion. Self-exposure is critical for the coming of age process - it's how we get a sense of who we are, how others perceive us, and how we fit into the world. We exposure during that time period in order to understand where the edges are. But we don't expose to be put at true risk. Forced exposure puts this population at a much greater risk, if only because their content is always taken out of context. Failure to expose them is not a matter of security through obscurity... it's about only being visible in context.

As social beings, we are constantly exposing ourselves to the public eye. We go to restaurants, get on public transport, wander around shopping centers, etc. One of the costs of fame is that celebrities can no longer participate in this way. The odd thing about forced exposure is that it creates a scenario where everyone is a potential celebrity, forced into approaching every public interaction with the imagined costs of all future interpretations of that ephemeral situation. This is not just a matter of illegal acts, but even minor embarrassing ones. Both have psychological costs. Celebrities become hermits to cope (and when they break... well, we've all seen Britney). Do we really want the entire society to become hermits to cope with exposure? Hell, we're doing that with our anti-terrorist rhetoric and I think it's fucking up an entire generation.

Of course, teens are only one of the populations that such exposure will effect. Think about whistle blowers, women or queer folk in repressive societies, journalists, etc. The privileged often argue that society will be changed if all of those oppressed are suddenly visible. Personally, I don't think that risking people's lives is a good way to test this philosophy. There's a lot to be said for being "below the radar" when you're a marginalized person wanting to make change. Activists in repressive regimes always network below the radar before trying to go public en masse. I'm not looking forward to a world where their networking activities are exposed before they reach critical mass. Social technologies are super good for activists, but not if activists are going to constantly be exposed and have to figure out how to route around the innovators as well as the governments they are seeking to challenge.

Ad-hoc exposure is not the same as a vaccine. Sure, a vaccine is a type of exposure, but a very systematically controlled one. No one in their right mind would decide to expose all of society to a virus just to see who would survive. Why do we think that's OK when it comes to untested social vaccines?

Just because people can profile, stereotype, and label people doesn't mean that they should. Just because people can surveil those around them doesn't mean that they should. Just because parents can stalk their children doesn't mean that they should. So why on earth do we believe that just because technology can expose people means that it should?

On a side note, I can't help but think about the laws around racial discrimination and hiring. The law basically says that just because you can profile people (since race is mostly written on the body) doesn't mean you should. I can't help but wonder if we need a legal intervention in other areas now that technology is taking us down a dangerous 'can' direction.

Kin Lane [02.04.08 10:10 AM]

I am throughly enjoying what the Social Graph API and the information it provides is teaching me about myself.

It is forcing me to re-evaluate how I structure my data, reference other data, and setup relationships.

I have not even moved beyond that.

I think it truly is educational if you look at it piece by piece and look at it objectively.

I assume I will get to a security evaluation soon enough.

Thomas Lord [02.04.08 05:09 PM]

zephoria: nice piece

Stephen Paul Weber [02.21.08 07:16 PM]

Interesting to see all the odd people commenting here who think that indexing public data is evil. Do they think that main Google search is evil? The internet is general? Are they aware that I can find most comments they've left on public sites like this with any basic web search?

If you want it private, protect the page. If the page is public, the information is public, for everyone else there's Facebook (/ offline).