The Day the Video Died

This is the day video died!

This is indeed very scary and troubling! The court had supported Viacom and asked YouTube to throw privacy out of the door and hand over terabytes of logs on a golden platter. YouTube in its defense is suggesting that

"IP addresses identify a computer, not the person using it. It's not possible to determine your identity solely based on your IP address."

Except that if they are going to hand over the IP address AND the username --  isnt that sufficient to almost uniquely identify a user? Firstly, why on earth does Viacom need the username and IP address "to determine general viewing practices"? They can do just as well if the usernames are hashed appropriately and IP address masked or mapped to reveal only geographical association.

What stops Viacom from suing individual users? I am not sure if the excuse:

Oh! that was not me... Errr! There was a party at my apartment and .... errr... well.... ummm... no no! it wasnt me.... my roommate did it!

Is gonna gel particularly well with Viacom's lawyers. Well, if Viacom does indeed drag individual users to court, I would be rather inclined to suing YouTube on this since there is really no way for me as an end user to say if a video on their server, that THEIR recommendation engine is suggesting to me is indeed a copyright violation. Watching a video does not indicate infringement.

Jon Stewart and Stephen Colbert please rescue us from this madness!

Gmail as a Universal Contact List

UPDATE2: Great News! Right while I had been thinking about this issue yesterday, looks like Google released its official AJAX Client library for its Contact API. So after all Google is becoming a universal contact list? Now, with these tools and APIs available, third party sites have no excuse whatsoever for continuing to insist on asking for username and password to import contacts!

UPDATE1: As it turns out, I totally forgot about the recent announcement of Google Friend Connect and the controversy that soon followed. This is the kind of approach I was thinking of just that it slipped my mind while writing this post late into the night. I think I had signed up for the private beta as well and am awaiting an invitation. Here is the video that explains Google Friend Connect.

I hope with Google, Facebook and Myspace all trying to solve this problem,  third party apps trying to import contact list using password/credentials directly will soon be a thing of the past.

-----------------------------------------------------------------------------

Gmail has almost become a universal contact list. Atleast all social network sites think it is so..

I just dont understand why every time I am asked for my gmail user ID and password (to find friends on a network) I cringe but then finally give in -- only to get burnt, burnt and burnt (ouch!) What drives me nuts is when some of these sites get away with sending your password in plain text! Why do we put up with this nonsense, in this day and age?

One suggestion I have for this problem is to build a Gmail Friend Finder API that would allow Yet Another Social Network (YASN) to access our universal contact list. What I mean by this is: Gmail knows everyone I know and interact with. I trust Gmail and am generally more willing to let Gmail be the arbiter of my social information. Why is this a good idea? for starters third party apps neednt ask users for their password. I just ask them to go and talk to gmail to see if there are others in their site whom I might know and might be interested in connecting with me.

Yesss! I am aware of OpenID and Social Graph API. Here is a small glitch, though. Social Graph API relies on FOAF/XFN and not everyone has that information published online. OpenID is more for authentication and IMHO, its kinda unintuitive and difficult to explain even to tech savvy folks -- let alone my grandmother! Gmail on the other hand... everyone has an account there and we all 'get it'! To be fair here.. Microsoft passport account in some sense was a precursor to all this, perhaps even a little too early for its time!

Following is an illustrative example of how I see this working:

The approach that I think might work better would involve developing an API for Gmail. When I first join YASN, instead of sending me an email directly, it outsources the verification process to the Gmail API. Gmail sends me an email to verify that it was actually me who signed up on YASN. Once I confirm, it sends YASN a confirmation that it has verified it is me. In addition it sends a secret identifier that it requres YASN to send over SSL when asking for any of my data. Note that at this point Gmail already knows for certain that I am a member on YASN. Now, I want to check if any of my friends are on YASN. So YASN will connect once again with Gmail friend finder along with the token/secret code that was sent to it when I completed the email verification. Now the only friends that Gmail API sends to YASN are the ones who are connected to me on Gmail AND are also members of YASN.

Since YASN can only access limited information via the Friend Finder API, it cannot spam everyone on my email account. Additionally, since it does not have my password, it minimizes the risks of my account being hacked or YASN doing something malicious. Ofcourse all this is just conceptual -- unless Google/Gmail team actually implements some such API.

[Thanks Audumbar Chormale, for the discussions and the question that led to this post]

Some things are just Semi-Social

Social Media is a lot about sharing. Prior to the growth of social software, it wasn't that people did not share stuff -- they just did it offline or via email. Now we share at a massive scale and a lot more easily. 

Some things we are willing to share "openly"

• Music playlists (Last.fm)
• Books we read (iread, shelfari)
• Calendars and Travel plans (google calendar)
• Status updates (via Twitter and Microblogging)
• Restaurant recommendations (yelp)
• Knowledge and expertise (via Wikipedia)

As we start to experiment with social software we realize that sharing is good and soon become open to sharing a lot more. There are some things though, that just seem semi-social. What I mean by Semi-Social is roughly "Thing I would not mind sharing with a small group of trusted friends and family members".

Until just a few years back there would have been a lot more people squirming if they were asked to share such 'sensitive data' with others. I see this perception slowly eroding away. There is a small, albeit enthusiastic bunch experimenting with new tools that fall into the category of Semi-Social. 

Some cases that I can think of are as follows:

• Investment portfolio: One example is Covestor. I have an account there but it is under pseudonym. I would not be that enthusiastic to reveal my pathetic attempt to bet on the stock market by watching (mostly tech) blogs. sigh!
• TV watching habits: I think Television as we know it today is completely broken. There is no social aspect to it whatsoever. At ICWSM, Noor Ali-Hassan presented a paper on "Social Media Scenarios for Television". What struck me about this talk was her statement that "Despite its social nature, there is a private aspect of TV that people want to preserve".
• Income and financial information: This is something we had least anticipated. How did we get to a point where I am actually not that scared while putting all my bank details and credit card information into a site like Mint? Mint is not a social site as such. But it reflects how we are now willing to part with some really sensitive data. In contrast, there are other examples of recruitment sites like SimplyHired where people reveal their salary information and can search for companies by salary. A more recent startup that is quite similar is Glassdoor.
• Location: Location can be an extremely sensitive piece of information. Fortunately, Yahoo's fireeagle provides access control for various applications and one can set the privilege that each app has to access location information (latlong, zip, state, country etc).

There will always be some who are at the extreme end of the spectrum and are quite comfortable with being completely (publicly) transparent about "sensitive data". However, most would still only dare to share some of this data with close friends and select people -- i.e. if there is enough value proposition in it for them. Some would be comfortable with aggregate analysis over the data as long as they are not personally identified or targeted in some way (advertising or otherwise).

Although it requires a great deal of courage (to work with privacy sensitive data), the opportunity to invent in the semi-social space may be quite a bit.

The Psychology of Social Networks (KQED Talk)

Just wanted to share a quick note to the KQED/NPR radio talk on "The Psychology of Social Networks" (via Meghavini Shah, Thanks for the pointer!) 

Radio host par excellence,  Michael Krasny talks to

• B.J. Fogg, director of the Persuasive Technology Laboratory at Stanford University and the author of an upcoming book on the psychology of Facebook

• Sam Gosling, assistant professor of psychology at the University of Texas at Austin

They cover a wide range of topics and discuss the how social networks are changing the way we interact with each other. It is a really good show and I would highly recommend listening to it if you can.

Over the past few weeks, I have learned of many interesting anecdotal evidences about our online and offline behaviors and how social networks have become such an important part of the equation. I thought I would share it in the context of this talk. Here are a few noteworthy examples:

• Teenagers in India are socially quite comfortable expressing their relationship status on Facebook/myspace/orkut -- but would not reveal this information to their parents or family.
• Social networks have provided a socially acceptable setting for "checking out" profiles. Arranged marriages in India are still fairly common and it is not unusual for people to check out the profile, scraps and testimony pages of prospective partners before actually meeting them in person. I guess the same is true for dating in general, people judge you by not just who you are and how you look but also who your friends are (and I guess even how they look) and what they have to say about you.
• Coaches usually "friend" athletes on Facebook so that they can keep tabs on any parties that students have been going to and to check if they have a "red cup" in their hand (indicating that they have been consuming alcohol). Cell phone cameras are the easiest way for such information to leak onto Facebook. So parties these days have a "NO CELL PHONE" policy.
• Dont assume that your school teachers or professors dont know what Facebook is! Students found cheating on exams have been completely baffled to see that their profs actually checked their FB profiles to know if the students are friends -- despite their claims of innocence and that they dont know each other.
• Finally, at SocialDevCamp one really cool trend was that people were exchanging their Twitter ids more frequently than business cards. I am still enjoying the conversations that this community of users is having on Twitter. What would have been a one-off meeting is not a sustained community thanks to the power of social networks.

Footnote: Please consider supporting KQED or your local public broadcasting station, who bring to you such excellent programming.

Guest Post by Blazej Bulka: Social Networking That Went Wrong

(Guest post by Blazej Bulka. Thanks Blazej! Especially for translating and summarizing these articles for us non-Polish speakers..)

nasza-klasa.pl is currently the most popular social networking site in Poland. "Nasza klasa" means "our class," and the website is similar in design to classmates.com. It allows people to join schools, from which they graduated, and classes within schools. It also allows to build a social network by reconnecting to old friends, and post photographs.

Initially, nasza-klasa lacked any privacy controls because it was meant as a small, local project. After one year of existence, a sudden surge in popularity came. The number of registered users quickly exceeded 1 million, which started exponential growth. After a few months, the site had more than 5 million users. Currently, the site has more than 11 million users. (The population of Poland is roughly 40 million.) The unexpected growth choked the website, and the utmost priority of the developers was performance, and not privacy.

Right now, the website offers only basic privacy protection such as black listing, and restricting the visibility of the information in the profile. However, the biggest privacy problem are the users themselves. Most of them have had no prior experience with social networks before. The theme of the site is very encouraging to share as much personal information as possible. After all, the users are surrounded with their classmates, who are the people they usually trust, and with whom they shared their personal secrets in the childhood. They have not seen each other for multiple years; therefore, they are extremely willing to share a lot of personal information to make up. They also want their profiles to be easily searchable, in case another old friend should join the site in the future.

Unfortunately, many of the users are unaware that their information can be actually accessed by almost everyone, and not just their friends are interested in it. Moreover, because of their inexperience, they do not know that any information published on the internet may be copied endless number of times, changed, and may stay there forever. Sometimes, consequences of careless publishing of information on the site were quite surprising.

Below, I present an overview of five such unexpected uses of published information based on the articles published in press or on the internet (mostly in Polish).

1. Tracking users by debt collectors and law enforcement
(Source: "Nasza-klasa is a true treasury for debt collectors and law enforcement")
Debt collectors in Poland tend to massively use nasza-klasa to track the debtors. Nasza-klasa seems to be very good source of information for them. Personally, I also heard of cases when the debt collectors compare the friends' lists of the wanted person with the lists of their classmates. A classmate who is missing from the friends' list may indicate that a dislike existed between the two. Apparently, the debt collectors tried to exploit such dislikes to extract more information.

2. Police officers expose themselves and their colleagues
(Source: "Nasza-klasa.pl exposes police officers")

Irresponsible officers post at portal nasza-klasa.pl pictures from the educational institutions, from which they graduated. This reveals identities of undercover officers -- experienced officers say.

[..] The officers add themselves to classes, in which they studied [at police schools]; often, the classes specializing in police operations, investigations, or reconnaissance. And they add class pictures. "I hunt bad people" -- this is the profile information in "About me" section of Marek -- a graduate of a reconnaissance-operational police school in Pila. More experienced officers are disgusted by the behavior of the novices. At police internet forums, they write that such a database about police officers and their friends may be used to track a particular officer.

3. Police officers brag about their authority, and how they could abuse it
(Source:   "Give me their names, I will find them in the national ID registry")

A police officer from Grodzisk Mazowiecki brags on nasza-klasa portal that he can determine the addresses of his former classmates because he has access to the national ID registry (PESEL). [..] On the forum for the 2nd Elementary School, Jaroslaw B. writes: "If anybody of you has telephone numbers of our former classmates, please call them so that they sign up. I also have access to PESEL database. I need last names, and I will determine the addresses."
A former classmate asks him: "Jarek (i.e., Jaroslaw), where do you work, if you have access to PESEL database?"

The police officer responds: "the less you know, the better."
Another classmate writes: "(..) Now the whole school knows about Jarek's capabilities :) However, I propose not to use authority or even force to find our classmates :) (...) And maybe we should move our conversation to the class forum from the school's forum :):).)

In his profile, Jaroslaw wrote that he graduated from the Police University in Szczytno.

4. Intelligence agents should know better to be low-profile ... well, apparently not!
(Source:  "Our new secret service revealed themselves on the internet"; the article contains interesting pictures posted by the intelligence agents ...)

Pictures of six SKW (Military Counter-intelligence Agency) officers are shown without their names or rank. According to the SKW Act, this data is considered particularly sensitive. The officers themselves did not exercise enough care -- during their mission, they posted pictures showing them armed, both in uniform and disguise. They were posted in profiles registered with their real names. They did not mention that they are SKW officers, they only mentioned that they are officers of the Polish Military Force. But they did not try to conceal the fact that the pictures were taken in Afghanistan.

5. People brag about committing crimes and spreading hateful ideology
(Source: "Responsibility for 'Sieg Heil' (Nazi greeting) on Nasza-klasa")
One of the profile pictures is here and another "nazi" profile picture is here.

In February, the journalists from "Gazeta Wyborcza" noticed the son of the mayor of Leczna is one of the millions people who signed up with nasza-klasa. One of the photographs in his profile showed him with two baldly-shaved friends, with their right hands raised in the fascist gesture "Sieg heil". The faces of the two friends were covered with scarves with logo of the fans for soccer club Gornik Leczna.

[..] As the journal reports, the state prosecutor's office in Lublin has already contacted nasza-klasa.pl with an inquiry regarding the user profile. The investigators want to find out how long the picture was available on the site, and how many people may have watched it. Promoting fascist ideology may lead to a financial fine, and a penalty of imprisonment up to two years in jail.