Day 2 of Supernova 2008 kicked off this week with a variety of panels to choose from. While many of the Web 2.0-ers were getting settled in the Open Flow Track, MC-ed by Tantek Çelik, , I joined the alternative crowd for the Privacy and Security in the Network Age panel.The session started with the overarching ideas around privacy. Online, everything we do creates data and/or a transaction. A lot of privacy concerns are no longer about who you are, but what you do. Typical "duh" factors exist such as technology is always moving faster than laws. Even when laws are made, they risk being ineffective, as many have seen in the case of the CAN-SPAM Act, or lacking true protection, as with the company-not-user-data-protection under Sarbanes-Oxley. Bruce Schneier, of BT Counterpane, brought up various points about how he views the reality of privacy. In the "security vs. privacy" argument (e.g. you have to give up your privacy to gain security) Schneier stated that you should call bullshit on that false dichotomy, giving examples such as burglar alarms, and that the reality is about "liberty vs. control".Fran Maier, of TrustE, went on to elaborate that a lot of the current architecture for privacy online is a question of "choice or consent". Examples like Facebook were given as case studies of more granular privacy controls. I have recently made similar remarks about FireEagle's consideration of location privacy. Focusing on overall online privacy (not just focused on social networking), the panelists agreed that intrusion issues of spam and phishing were not about privacy, but rather about control. With issues of control, entrepreneurs can often take advantage by providing anti-spam/virus products. This made me question why, with the open APIs on social networks, no one has built a similar solution for blocking spammers/trolls/stalkers from friending you? It has been discussed before with all the chatter around data portability and XFN to include the ability to port your "block list" from network to network as well, but we've yet to see this come to fruition.More importantly, the panel called for a system of accountability for privacy and security. It was stated that security includes how you live everyday (e.g. living in fear). Public shaming of companies used to work as one of the only ways to get them to increase their lack of security measures, but with data breeches being reported more often now, the press barely makes a mention of it anymore. While that is certainly a negative, the positive effect has been that it's now a lot easier to resolve identity theft. Since identity theft is so common, companies know how to deal with it. On average, a victim of new account fraud loses only about $40 and 10 hours to clean it all up. Again, I have to wonder if the Web 2.0 companies will ever reach a time where dealing with identity theft, stalking, harassment, abuse, etc. will become so common that they (like credit card companies today) will know how to deal with it without putting their victim consumers through more trouble? I raised this question to the panel, who seemed pessimistic about that prospect. Unlike credit card companies, social networks have little if any financial incentive to provide security, and as such, it will most likely always take a second priority.In the end, Schneier said that society may not be ready to handle privacy - similar to pollution, it may take a good 20 years or so for the masses to truly wrap their heads around it and do something.
Let's bring in a consultant
This made me giggle. (Thanks, Adam!)Additionally, Jeremy Toeman posted Working With Consultants: Some Dos and Don'ts
Supernova 2008: Defining the Challenges
Supernova 2008 held day 1 of the three-day conference yesterday in San Francisco's Mission Bay Conference Center. The opening session tackled "defining the challenges", which was admittedly a fairly vague title. Clay Shirky, author of Here Comes Everybody, started off the session taking about the characteristics of organizing groups online and offline. Shirky pointed to prospering examples of organizing groups online such as the Meetup Alliance.The presentation pointed out a number of case studies to gain insights from. From a flashmob being arrested in Belarus for organizing a collective "everyone eat ice cream at the same time" event to Xerox's lack of source code in 1980, characteristic contrasts were made between the ease of online versus offline. It was explained that density and continuity in niche groups used to exist due to inconvenience, but those same aspects need to now exist by design online in order to be able to network and organize effectively.Questions from the audience asked for advice on "community management" (or, lack of a better English phrase, as Kevin Marks stated). Shirky said that a self-policing communities often take care of the problems that arise. Later, Shirky clarified, to my concern of the possibilities for a community run by mob rule, that this mostly works and works when the community knows they can "call a cop at key moments".
Google I/O: OpenSocial 101
Last week I had the pleasure of attending the Google I/O, a two day developer gathering in San Francisco. The first session I sat in on was OpenSocial: A Standard for the Social Web with Patrick Chanezon, Kevin Marks, and Chris Schalk from Google. The session aimed to answer "what does social mean?" and "how do we socialize objects online without having to create yet another social network?".While APIs provide data for friends, profiles, and activities in social networks, different APIs make it difficult for developers. This is where OpenSocial comes in. Based on HTML+Javascript+REST+OAuth, OpenSocial was promoted in the session as an easier way to develop applications for a variety of participating social networks at once. With upwards of 275 million user distribution, OpenSocial can definitely be seen as an API that opens the flood gates.While OpenSocial is great for developers, what do users get out of it? Chanezon, Marks, and Schalk explained that the users are able to then use more applications. More applications aren't necessarily a good thing, however, like in the case of Facebook where many users are experiencing the fatigue of using applications that lack relevance.Marks discussed how containers (e.g. social networks) don't choose users - they simply grow through homophily and affinity, sometimes bringing unexpected user bases. Because of this, OpenSocial provides a sense that specialization is no longer required. Though the lack of specializing may benefit the developers, I think it may hurt the users in the long-run. A lack of application specialization based on each individual network often overlooks the intricacies and quirks that resonate with the individual userbase, thus creating a less-than-ideal user experience and a lack of unique value propositions. OpenSocial may represent progress for open standards, but not if it means an outbreak of "Zombies vs. Vampires" starts following you from network to network.
CupcakeCamp comes to San Francisco this Sunday!
(artwork by Cindy Li)The first ever CupcakeCamp (inspired by BarCamp and the constant cupcake gatherings in New York) is coming to San Francisco this Sunday! CupcakeCamp was created by Cindy Li, Lynn, Marianne Masculino and myself with support from the cupcake-loving community.To RSVP to CupcakeCamp, go here. We also have a wiki here.Cupcakes Take The Cake recently interviewed me about CupcakeCamp and my personal cupcake views.Can't wait!