Own Your Identity

I’m writing this blog along with web-maven Brian Oberkirch and polar explorer turned web revolutionary Tony Haile. We’re just getting started, but our goal is to lead a discussion on the ins and outs of online identity, tackling such questions as:

• What does it mean to own one’s identity online?
• What building blocks do we need in place to help achieve identity ownership?
• What practices are social networks doing that help (or hurt) personal identity online?
• How can we work with social networks to build a better web?
• What are the real-world problems that normal folks are dealing with concerning identity?

Our eventual hope is that by participating in this discussion and really driving it forward, we’ll all learn how to build software that helps us own our identity.

“I do have great trepidation as this is exactly the tool social engineering hackers have been hoping for and working toward.

Most hacks of organizations (most are populated with 98% of people not like us that are more open to social engineering hacks) that have been hacked (been through more than a few of these meetings after the fact) are done through some clever individual using social engineering to convince somebody to trust the hacker. The identification of connections (usually best approached with weak ties) is a great starting point (this is the major reason why most organizations no longer have their employee list or full-contact list posted on their websites).

The Google SocialGraph API is exposing everybody who has not thought through their privacy or exposing of their connections.

This is an excellent point that needs to be considered.

An example of what Thomas describes might be that someone contacts you and pretends to know all the same people you know, and thereby gains your confidence and uses it for evil purposes. (Hugh Macleod calls these shared social objects social markers)

I think this is the same issue that Tim O’Reilly was getting at when he recently said:

“The counter-argument is that all this data is available anyway, and that by making it more visible, we raise people’s awareness and ultimately their behavior. I’m in (this) camp. It’s a lot like the evolutionary value of pain. Search (searching the social graph) creates feedback loops that allow us to learn from and modify our behavior. A false sense of security helps bad actors more than tools that make information more visible.

So Tim is saying that while we’ll probably have issues going forward (some will get burnt), in dealing with them we’ll learn how to expose our own social relationships on the web, which is a skill we’ll need from now on. Forever.

I tend to agree. But obviously this is a complex issue. Whether or not exposing relationship information comes to be an accepted practice, we’ll likely see new norms of behavior spring up.

Not everyone is happy with the Social Graph API. danah boyd has a dissenting opinion. She says:

“Being socially exposed is AOK when you hold a lot of privilege, when people cannot hold meaningful power over you, or when you can route around such efforts. Such is the life of most of the tech geeks living in Silicon Valley. But I spend all of my time with teenagers, one of the most vulnerable populations because of their lack of agency (let alone rights). Teens are notorious for self-exposure, but they want to do so in a controlled fashion. Self-exposure is critical for the coming of age process – it’s how we get a sense of who we are, how others perceive us, and how we fit into the world. We exposure during that time period in order to understand where the edges are. But we don’t expose to be put at true risk. Forced exposure puts this population at a much greater risk…”

While I agree that what danah is talking about is tremendously important, I don’t know why she says that this is “forcing” people to expose their personal relationship information. From my understanding, the Social Graph API is simply aggregating data and providing a means to query it. Now, that certainly makes it easier to find, and that’s an issue (technology is NOT neutral) But isn’t the bulk of responsibility, on those services where code is automatically generated, on the publisher’s themselves? And isn’t it on the individual who publishes their own code?

I have been assuming that publishing personal information would be done by choice. That is, an individual either makes a relationship public or not. If you choose to make it public, you can choose to mark up your information as XFN (or other supported formats) or not. If you do choose to mark it up, then you reap the benefits of the API and services that are built upon it. If you don’t mark it up, then the relationship is public but you keep some “security by obscurity” and your content is seen only in context.

However, there is still the issue that one side of the relationship could publish when the other wants to keep it private. This, in the current Google environment, is treated as a “possible relationship”. It makes a difference if only one side of the relationship is published. This situation may be what danah is referring to, and it does raise some concerns.

But simply publishing this API doesn’t mean that it forces publishers to use the formats without offering some level of control to their users, in fact publishers should give lots of controls around this. Now, if Six Apart and WordPress.com were to tomorrow say “We’re publishing your relationship data in these formats and you can’t opt out”, then that would be a serious problem. I hope that’s not the case, and from what we’ve seen with Facebook and their privacy issues, one would hope that other companies wouldn’t be so cavalier with people’s relationship data.

But I’m reminded again by the age-old saying: “the best way to prevent secrets from getting out is to not have any in the first place”. As technology makes it easier to share information, it becomes harder and harder to keep any of that information secret.

Social Design Best Practices

The list of best practices are as follows:

1. Engage Quickly – (my interpretation: provide value within 30 seconds)
2. Mimic Look and Feel – (make your widget look like the page it is in)
3. Enable Self Expression – (let people personalize their widgets)
4. Make it Dynamic – (keep showing new stuff)
5. Expose Friend Activity – (show what friends are doing)
6. Browse the Graph – (let people explore their friends and friends of friends)
7. Drive Communication – (provide commenting features)
8. Build Communities – (expose different axes of similarity)
9. Solve Real World Tasks – (leverage people’s social connections to solve real problems)

This list is interesting for several reasons.

One is that we’re clearly seeing a set of practices emerge across all social software that centers around getting people started quickly, allowing for self-expression, engaged in real-life tasks, yet also allowing for flexible discovery and play. On both this site and others concerned with social design, these are the major themes that arise again and again.

Another is how quickly the social networks have changed the way we look at software in just a couple years. The third item on the list “Enable Self-Expression”, for example, would never have existed before the rise of MySpace. Facebook probably had a lot to do with “Expose Friend Activity”, which is a not-so-subtle reference to the news feed feature on that site.

Finally, I’m struck by how only two or three of the best practices are necessarily part of “social networking” software. They could be used in any kind of social software, be it productivity software for groups or even e-commerce sites that help people find the right product. That, to me, is the essence of social design. It isn’t relegated to social networking, even though the rise of social networking is what helped to clarify and refine the ideas. It’s about building software that takes advantage of social connections to provide enhanced value.

Also, note that these best practices are concerned with this particular technology. The Open Social initiative is a set of programming APIs that allows anybody to embed widgets (gadgets) within web pages (called containers). The embedded widgets can access outside services like MySpace, Orkut, and other social networks. As an simple example, I might embed a widget in my blog that shows my MySpace friends and whether or not they’re online at the moment.

Interesting bits aside, I think that the Google folks did a good job of summarizing some major issues in social design.

“Imagine that when you shopped online for a digital camera, you could see whether anyone you knew already owned it and ask them what they thought. Imagine that when you searched for a concert ticket you could learn if friends were headed to the same show. Or that you knew which sites – or what news stories – people you trust found useful and which they disliked. Or maybe you could find out where all your friends and relatives are, right now (at least those who want to be found).”

Notice how each one of the examples relates the person with what they’re trying to find out by way of Trust. In other words, information is important to people not just because of what it is, but because of what it means to the person and their future. Knowing what concerts are playing is nice…but knowing which one your friends are going to is what’s important.

Schneiderman’s Circles of Relationships

Ben Shneiderman came up with a nice graphic to illustrate this. He calls it the circles of relationships. It shows several concentric ovals (centering on the self) that illustrate how Trust dissipates outward. As we move away from people near to us, we trust them less.

Much of what Facebook has in store is about leveraging our social relationships in this way. The scope of what they’re doing is really amazing…opening up their database so that 3rd parties can create tools to leverage those relationships in countless ways. Facebook is smart to realize that it’s the users who will innovate best here…because they’re the ones who know what’s important to them.

Further reading: Chapter 5 of Sheiderman’s Leonardo’s Laptop (.pdf)

Update: Extending the Circles of Relationships

It’s too fun to play pundit. When MySpace was growing hugely popular, about the time that it was sold to News Corp. for 580 million dollars, everyone had an opinion about it.

It’s ugly. It’s horribly designed. They got lucky. It’s just perfect timing. The page views are way out of whack. It’s a fluke. Whatever the reason, it was en vogue to trash the site. Very few people who didn’t use the site (other than investors) gave much credit to the amazing growth and success they were enjoying.

The people sharing their opinions …designers, technologists, journalists, weren’t the people who mattered. They (we) didn’t matter because they (we) weren’t using the site.

Then I had a conversation with an actual MySpacer, and I never thought about MySpace the same. Kelli was despondent. I asked her what was wrong, and she brought up MySpace. “My boyfriend…well now my ex-boyfriend…completely deleted me from his MySpace account. I was first on his Top 8 list, and now I’m not on his list and I can’t even view his profile. He un-friended me.”

To her, MySpace wasn’t just a web site, it was an integral part of her social life. What happened there was as real as anything offline. She explained that since all of her friends were also on the site, being removed from a Top 8 List was a form of public punishment. Her boyfriend might just as well have stood up in the school cafeteria and shouted that the relationship was over. It was a statement about social standing, about being accepted as a part of a group, and it affected her emotionally as much as a face-to-face interaction.

That kind of thing happens every day on MySpace: to people who are invested in the site in a way that no pundit ever could be, even if they tried. There are relationships being broken, fixed, and created all the time and people who don’t use the site will never know it until they ask.

So don’t listen to pundits, loud bloggers, or any individual just because they have a large following or can make a lot of noise…especially if they haven’t used the site on a regular basis! Make sure that the sample of people you’re listening to is part of the actual user population. It will completely change your conception of what social software is.

The problems are real:

• Too many accounts and logins
  The social networks have really exacerbated the problem. Before, we had accounts for many things, like shopping, banking, email, etc. But when social networks came into the picture, they asked us for more than credit card numbers, they want things like our favorite movies, our lists of friends, our soul. Having to copy that information over and over again is a drag.
• No authoritative source for identity
  So with our many accounts, which one is correct? What if there are differences between them? More likely, what if things change and I don’t go back to update them? The information quickly becomes old, with each service having it’s own dated copy there is no authoritative source. That gets confusing fast.
• Too many copies of content (with microformats this is multiplying)
  Brian calls this the Darowski Problem. If everyone uses microformats for everything, there quickly gets to be thousands of copies of all this data. This might not be a problem in itself, but then you do things like go to search engines and find all the copies…and you have the no authority problem again. Brian suggests a “gold copy” that is the authoritative copy, located on your personal site.
• No way to find authoritative source even if we had one
  Even if we centralized all authority on a single blog, for example, we still need a way to find it. We have ways of doing this in other facets, like the meta information in <link> tags, which can help user agents find the right copy. This makes it possible to have different URLs but a standard for finding the right one.

I think Brian is absolutely right…we need an authority for identity. Using OpenID will get us to a domain, which is excellent. I’ve been suggesting for a while now that it should be our own domain, as opposed to another service. It is likely, however, that many individuals won’t have the time or the energy to run their own domain, so this looks ripe for a service (Brian suggests LinkedIn) to really push the boundary.

Past pieces on Domain as Identity:

A Messaging Proxy and Domain as Identity

Domain as Identity

‘”All markets work at three levels”, he said. “Transactions, conversations and relationships”. Eric is an atheist. Sayo is a Christian. With those two triangulating so similarly on the same subject, I began to figure there was something more to this relationship business.’

Doc starts this excellent piece by wondering what we can learn about economy from open-source practices. A lot, it seems. When we look at something like the incredible creation of Linux, what does that tell us about what we value and why and how we get stuff done?

Well, for one thing it’s not always about the money, which, if you live in the U.S., you would be hard-pressed to believe. So much is about the money here that imagining great software being built by volunteers is mind boggling in itself.

This insight leads Doc to a wide-ranging discussion evolving around the idea that we’re just beginning to model interpersonal relationships online. That, when we stand back from our transaction-oriented mindset we realize that there is another level to economies that happens on the relationship level. We treat people differently based on our relationship with them, and it directly effects the economy when we make trades based on those relationships.

From a social design perspective this is right on. We’re continuing to model our social lives online, and while at the present moment all systems are transaction-based maybe they’ll be more nuanced going forward?

So, in the future when I want to trade something online I can set different transaction preferences depending on the strength of my relationship with someone. The relationship affects the transaction. If I’m trading with a stranger, they pay full price. If I’m trading with a Bokardoan, I trade half-price. And so on. This, as Doc points out, is how economies run on a personal level, in 3rd world countries, before they go global on the Web.

As Doc says, we need a solid identity framework for this to work, and given that just yesterday another giant (Digg) said they would support OpenID, that might be the framework that gets us there.

For Doc’s brilliant wide-ranging take on this, please read: Building an Relationship Economy

In an interest of accountability, I thought I would quickly recap them and see how I did. (too many folks making predictions never go back to see how they did…we really have no idea who to listen to as the new wave of predictions hit us…and since I love predictions I’m going to try to change that).

Here are the trends I predicted were worth watching:

• The Subscription Model
  I predicted that we would continue to follow a subscription model for most of our content discovery, just as we are doing with RSS. Outside of feeds, however, I can’t say that there are many other bloomings of subscriptions…but the huge growth of all sorts of feeds might be enough to say that this was a decent prediction. Or, maybe feeds are the model for subscriptions, and I was right on.
• Attention and Gestures
  Not sure about this one. Obviously, we all became more aware of attention and gestures, through Steve Gillmor and Co’s evangelism, but there really aren’t any more services out there that explicitly call these out. That’s not to say that these things aren’t becoming more important…they’re just not the leading story.
• Identity
  Peter Merholz said I was crazy about this one. But what else is MySpace or Facebook but the forging of identity? This one is huge…just read a post by Danah Boyd about designing for life stages, and much of it has to do with identity. I think this will only increase in importance…if you’re not replicating your identity online you soon will be, in some way.
• Synchronization and Local Store
  The importance of this hasn’t diminished, but we didn’t get all that far here. Several services, such as Zimbra and Socialtext are now supporting local store. But the big guns haven’t yet, which only leads me to think that they’re just taking their time to make it seemless. I would be incredibly surprised if they weren’t working on this…so my prediction was a year early, I think.
• The Life Portfolio
  Probably a year early on this one, too. This is my domain as identity idea, where you are represented by a domain that is you…that’s where all your services are, from your writing to your contacts to your calendar. With structured data playing an increasingly bigger role, microformats and OpenID taking off, this is becoming reality.
• Information Visualization
  A couple of folks pointed out that others had this prediction in year’s past. I still don’t think it’s really taken off, so I was early on this one. Even so, the site information aesthetics is one of the best around, and deals exclusively with this topic. My guess is that there will have to be a killer application showing something amazing via information visualization before a wave of support comes.

So, all in all I didn’t do so well because I was too early on most of my predictions, although I don’t think any prediction was a complete bust. I still see identity as a prime area for activity, especially with a backlash of social networks coming. I don’t think that we’ll see an end to social networks, but other apps will absorb some of that social functionality where appropriate.

“Everyday conversation used to be ephemeral. Whether face-to-face or by phone, we could be reasonably sure that what we said disappeared as soon as we said it. Of course, organized crime bosses worried about phone taps and room bugs, but that was the exception. Privacy was the default assumption.”

Indeed, we do take that privacy for granted. What we said behind someone’s back wouldn’t reach them unless the person we confided in told them directly. There was nobody taking notes, nobody recording this conversation on the record. What we said was contained securely in the moment: no future action could recreate it.

Schneier continues:

“This has changed. We now type our casual conversations. We chat in e-mail, with instant messages on our computer and SMS messages on our cellphones, and in comments on social networking Web sites like Friendster, LiveJournal and News Corp.‘s MySpace. These conversations–with friends, lovers, colleagues, fellow employees–are not ephemeral; they leave their own electronic trails.”

Now, everything we do online is not only not private in the moment, as someone could be eavesdropping in real time, but it is also saved for future scrutiny. Future scrutiny, of course, could be almost anything. Investigations, government orders, stalkers, even honest personal information research. It’s all there for the taking.

But do we act like it? Not really. For the most part we still go online without much thought as to who is recording what and what they might use it for. This worries Schneier:

“We know this intellectually, but we haven’t truly internalized it. We type on, engrossed in conversation, forgetting that we’re being recorded.”

The stories of private lives becoming public are continuing to grow. Perhaps you’ve seen the examples of solicitors caught through MySpace, the Craigslist Sex Baiting Prank, or the Mark Foley scandal. These are just three examples of private lives being exposed because of recorded conversations…and they’re just the tip of the iceberg. (obviously, these three get attention for being gross…I wonder how many people have been pleasantly surprised by what they found out in similar ways)

Schneier thinks that the answer to all of this is legislation: he wants laws put in place that safeguard personal information to protect privacy. This sounds right, but some things (those that hurt other people) should definitely not be kept private.

The tension between privacy and prosecution is always a tough issue. We want to stop those harmful things that happen (even if they happen in private), but we also want to protect the privacy of honest, good people.

I think that Schneier’s other warning will probably do more to help the situation than legislation. We need to be mindful of where and how we’re revealing information, and what the ramifications are of our conversations being recorded. Our social norms need to adapt to the point where we implicitly understand that what we do and say is on the record, by default.

Ponder this: if someone was judging you for entrance into (heaven, hell, your choice here), would you be proud of everything they could potentially find out about you?

In the comments Cori Schlegel made the seemingly innocuous suggestion that we need a messaging proxy. Send a message to the proxy, and you get it on all of your devices or services that talk to your proxy.

This is a great idea! And the more that I thought about it, the more I realized that it is a perfect extension of an idea that I wrote about last year: domain as identity. (a post which, coincidentally enough, Cori commented on).

Here’s how it would work, as far as I understand it…

Instead of web sites having domain names, and those domains having mail accounts, people have domain names and one messaging account. My domain is Bokardo, and I have services at Bokardo.com that I control. Mail would be one of those services.

When mail is sent to mail.bokardo.com, it is forwarded to any devices or services I have added to my domain. So it acts as a proxy in this way…it serves as the place that all mail is sent to, and then I control where it goes after that.

The messaging devices and I have set up on my domain could be of various types:

• Cellphone
• Chat programs
• Social networks
• PDAs
• Traditional email accounts
• The display on your car dashboard

The difference is subtle. Instead of having a separate messaging service for each context we’re in, we have a single messaging service provided by our own domain that routes messages for us. If we join a new social network, we still use our messaging proxy to relay the messages. We simply point the social network to our domain and it knows about us. We would have a single archive of all the messages we send, with metadata that tells us what context they were sent in. So, if I want to say “thanks for the add” to a MySpace member, I send it through my messaging proxy to the messaging proxy of the MySpace member, suggesting that it be received within a MySpace context, and then the person receives it in their MySpace interface. If they aren’t in their MySpace context, they might receive it wherever they are on their cellphone.

In this setup you would never lose mail as along as you keep your domain. If you didn’t have any services set up to receive the mail, it would sit at your domain. Right now, one of the big pains with email is that they’re often provided by your ISP, so you have something like mary@comcast.net. That’s a tie-in we don’t want because it gives the wrong domain power over the account!

The identity folks out there are probably saying “duh”. But that’s part of the problem, isn’t it? Most of us haven’t yet realized what having a solid identity would mean. Take a look at MySpace again. People are fiercely protective of their accounts there, because they’ve invested the time and energy to fill them up with information about themselves. It’s their identity. Their messaging capability is centered around the service, and they can’t interact with folks outside the service easily. That’s the pain point where identity comes in. When a new, cooler hang out spot comes along, they’ll be gone, and all of their messages and profile information will be lost. Unless that information is stored in their identity domain…

Privacy advocates will recognize that this also has benefits for privacy. When messages can be tied to an identity, and we can hold someone accountable for them, SPAM plummets. The problem with SPAM is lack of identity, and if we can create a system where every message is tied to an identity then we can start the long uphill climb of getting rid of SPAM. At least some of it.

Attention-minded folks might see this idea as personal attention streams. Route messages through a single service, and you’ve got them all right there for picking. You’ve got a single address book comprised of everyone you’ve ever sent a message to, you know where you’ve spent your attention, and that could potentially be valuable information for oneself (and perhaps for others).

All the messages come from one mouth (i.e. one mind), so why not a service to model that?

So a domain per person. A single message routing mechanism per person. It’s an interesting idea that I would love to talk more about.

If I were Steve Gillmor, I would say that it has already happened.

The main conflict of the episode is that George knows what will happen when his two worlds collide: “Relationship George will kill Independent George”. Obviously, however, this difference is only in George’s mind, where there is a clear separation between his love life and his life among friends. It appeals to us because we somehow feel awkward when in the same situation: I certainly remember when I introduced my wife to my family and friends…I was pretty anxious. (thankfully, it turned out great)

The Seinfeld episode is analogous to the current non-struggle we’re having between our “digital life” and our “real life”. Our “digital life” is made up of blogs, email, subscription feeds, and aggregators. Our “real life” is, apparently, everything else.

Nicholas Carr, whose writing I enjoy because he can argue the spots off a leopard, recently described the phenomena of “self-commoditization”, or “producing marketable digital versions of ourselves”. He describes self-commoditization as people creating their own private reality shows, a form of narcissism, and little more than self-consumption. And he’s optimistic about the huge opportunity this brings to those who would make money from it because “there’s little constraint on the supply of digital selves”.

Carr writes in another piece (Selling Ourselves):

“When we communicate to promote ourselves, to gain attention, all we are doing is turning ourselves into goods and our communications into advertising. We become salesmen of ourselves, hucksters of the “I.” In peddling our interests, moreover, we also peddle the commodities that give those interests form: songs, videos, and other saleable products. And in tying our interests to our identities, we give marketers the information they need to control those interests and, in the end, those identities.”

Carr’s argument, in addition to its searing doomsdayishness, comes (as most of them do) with the notion that somebody ought to make money from this. That’s how he makes the jump from our interactions with others to some sort of selling/buying relationship and, ultimately, to the intimation that our “digital life” will kill our “real life”, much like George was afraid of.

If you do happen to be in the media (whose goal is to make money) the question is an interesting one. But for the rest of us who see the difference between our “digital life” and our “real life” shrinking every second (or even non-existent), the question of making money is of little importance, and comparing social interactions to money changing hands completely obscures the situation. Much more intricate than money exchange are social standing, peer opinion, having friends, and being liked. You know, the human things. I continually bristle at the notion that our interactions online can be explained in economic terms.

I think the dichotomy of a “digital life” being somehow different from our “real life” is becoming more false every day. Not only do people understand how web technologies work, but they’re leveraging them to improve all parts of their lives. And the evils that Carr is so quick to point out (gang mentality, self-commoditization, and my personal favorite: blogospheric lynch mob!) are simply online representations of people’s behavior…behavior that hasn’t changed for millenia. When Carr gets excited about the latest emotional upswell online and compares it to selling our souls to the Devil, it is more interesting to watch him construct an argument for discussion from it than to actually go watch the event. Sure, there are issues with identity, but for the most part people are honest and are who they say they are.

Am I being too optimistic? Maybe. We could spend all of our time focusing on the tiny fraction of evil folks, hoping that by calling them trolls they would simply go away. But we’ve always had those and probably always will. Instead, I would like to see more positive stories about how people are improving their lives with technology from writers like Carr. Unfortunately, I don’t think that will happen anytime soon.

The main difference in the last 15 years of human living isn’t that somehow being online has created an alternate universe for us. It’s not that the Internet has made us into lynch mobs. The main difference is that instead of our hazy memory of what happened we have a digital record.

Does being online change our behavior? Yes, certainly, but most of it is in terms of how we do something, not why we do it. We don’t suddenly become narcissists, any more than we used to be. If we can quell the notion that social software is ruining society then we can recognize and repair those tears in the social fabric that do exist.

My wife, just yesterday, was in an email discussion made up of a group of mothers across town. They planned to get together at one of their houses, and when they met in the afternoon not a single one of them remarked how their two worlds had collided, or how bad they felt about their communications becoming advertising. They even referred to their email conversation as “talking”.

Update: I recommend reading two thoughtful follow-ups to this post that went into more depth and nuance than I did:

• Our Fluid Selves, Online and Off by Anne Zelenka
• The web is the real world by Jen Spadafora

1. They’re never built.
   I’ve had the same conversation with many folks: good idea for web application, but not enough motivation to build it. In fact, I fall into this category. I have several prototypes sitting on my hard drive of little applications that could be something someday, and I’ve run out of steam developing them. I get distracted, start doing something else. However, this is probably a confidence issue as much as a time issue. We’re simply not sure if what we build would be successful and investing the time it takes to push it to completion is daunting. An interesting story cropped up recently about this: Michael Arrington of Techcrunch wrote about how Squidoo.com seems to be failing, suggesting that it cast a dark shadow over Seth Godin’s reputation as a marketer, and that it wouldn’t be long before Seth distances himself from it. In other words, Mike was equating Seth’s reputation with the product he built. This is precisely why it is scary to build something in the public eye. People can ridicule it, and often do. But even if Squidoo doesn’t succeed (which is uncertain) I doubt that Seth will see it as anything other than a learning experience. Now if only the rest of us could.
2. They’re modeling an offline activity incompletely.
   This happens a lot in banking web apps. I recently switched from my bank to one with better online features. It wasn’t that my former bank couldn’t handle the transactions, but they could only do so if I actually went to the bank and talked with a teller. This is completely frustrating. An incompatibility between an online app and an offline store doesn’t make sense. How many times have you tried to redeem a coupon or gift certificate only to find that you have to go to the store? Well, we’re so used to the online world now that the web app is the store, in both a physical and non-physical sense.
3. They’re ahead of the curve.
   Some applications are simply ahead of their time. There were online bookmarking sites way before Del.icio.us. There were photo sharing sites way before Flickr. Why is it that now these types of sites take off when before they didn’t? One answer to why bookmarking sites didn’t take off is provided by Ari Paparo, who started Blink.com in 1999. He had 13 million dollars in investment money, and he and his company couldn’t make it work. His post about why Blink.com failed is a fascinating chronicle of a company ahead of its time. He points out that bookmarks weren’t public by default, the site used folders instead of tags, the service wasn’t instantly useful, and that technology was too often a factor in decision making. Paparo says the company wasn’t ahead of its time, but I think it is pretty clear that these lessons are exactly the type that an unforgiving network teaches us over time. And 13 million dollars said that they didn’t have much time to play with.
4. They don’t plan for change.
   One of the most common battle calls of web developers these days is that you have to plan for change. One certainty is that the app you’re working on right now isn’t the one that will be there a year from now, a month from now, or even a week from now. The software cycle is speeding up. And interestingly, it isn’t just the new, small web apps that lead this charge. It’s Amazon, Google, and eBay, who have such sophisticated backends that they’re able to manipulate, test, and retest different features on the fly to a subset of users. They didn’t get to where they are today by coming up with a fantastic initial design that “just worked”. No, they’re tweaking, tweaking, tweaking while you and I sleep.
5. They don’t charge money.
   This is a more interesting problem than it first appears. At first glance, it would seem that charging might not be all that important to a web application whose creators are going the “let’s get a huge user base” route. This is the route that Writely took. They never charged for anything, built an awesome product and a huge user base, and got bought out by Google. But more likely they’re the exception, not the rule. At some point buying out Web 2.0 companies will slow or stop. When you charge for something, though, an interesting thing happens. You have an implicit relationship with the customer. They are literally invested in your product, will spend more time using it, and will care about whether it lives or dies. All these things add up to better feedback for the development team going forward. In addition, there is also the psychological bias of getting what you paid for. When you charge for something, announcing to the world that you think this is worth something, you are actually implanting the same thought in other people’s heads. They start to think it’s worth something, too.
6. They have no barrier to entry…at all.
   The biggest problem with Myspace is identity. There is simply no barrier to entry for the service, not even to identify who you really are. Obviously, this helps growth because anybody can use the service. However, it also lets in anybody, and that means people who have nothing to lose and who do evil things. If they had their identity to lose, like those who get caught in the weekly sting operations we see now on TV, then that becomes a strong barrier of entry for them. For people who are simply on there to hang with friends, this is not a problematic barrier at all. They want people to know who they are! Having a small, but real, barrier to entry will trip up those people who really shouldn’t be using the service in the first place.
7. They don’t think holistically.
   The amazing thing about Flickr is that nobody uses the service to upload pictures. Nobody says to themselves “I need to upload me some pictures”. Instead, they’re satisfying some other need in their lives, like showing off the new kid to relatives. Or showing their friends how their trip to Europe went. Or letting their co-workers in on their conference activity. All of these things have to do with their life, their relationships, their everyday activities that aren’t centered on the Web, but are made much easier by it. If we look closely, that’s what most successful web apps do: they make our offline lives richer.

“A goal of Identity 2.0 is to mimic aspects of identity transactions that work well in the physical world.”

During a meeting today at the Microsoft Search Champs Conference in Redmond, WA, Yusuf Mehdi, Senior VP of MSN Information Services, discussed the recent blowup involving the U.S. Government’s subpoena of personal information from major Search Engines including MSN, Yahoo, Google, and AOL. This was not the first time that the U.S. Government has requested information from corporations in this manner. It was, however, one of the most talked about, spurred on by a press release from Google, who announced that they had turned down the request. Soon after, it was revealed that both Yahoo and MSN has complied with it, casting an instant shadow over those companies. In response, Ken Moss, general manager of MSN web search, provided a few relevant details of the case on the MSN Search Blog.

Today, Mehdi added some detail concerning what actually happened when the request from the Government was made. First, the Government had asked for information that could identify people on an individual basis (most likely, an IP address). Microsoft declined this request, and instead handed the Government a watered down version of data, which Mehdi made clear did not include personal information. The information provided by Microsoft, Mehdi said, consisted only of a sample of search terms and their frequency, as well as a random sample of pages in the MSN Search Index.

Update: Ramez Naam, Group Program Manager, MSN Search, sends along a clarification: the DOJ didn’t ask for personal information specifically, they simply asked for logs.

This was a very hot topic the entire day today at the Conference. Not only are there differing viewpoints about what Search companies should and should not do, but the very relevance of data was in question. Is this a non-issue given that Microsoft didn’t hand over personal information? Did Microsoft make an error in giving in to the Government? What information did they actually give? Given that the Government has final say, does any of the MSN posturing matter? And finally, does the average Joe really care about all this?

To help answer these questions, a few members of the Search Champs crowd gathered tonight to record a podcast. The podcast members were:

• Joshua Porter ( Me – Search Champs Attendee )
• Thomas Vander Wal ( Search Champs Attendee )
• Chris Pirillo ( Search Champs Attendee )
• Dion Hinchcliffe ( Search Champs Attendee )
• Fred Oliviera ( Search Champs Attendee )
• Alex Barnett ( Microsoft )
• Brady Forrest ( MSN Search Team )

Update: Additional Coverage:
Alex Barnett (Photos)
Thomas Vander Wal
Dion Hinchcliffe
Fred Oliviera

And Robert Scoble has a writeup of the meeting: Search Champs Grilling MSN execs

This started out as a list of technological trends, with RSS, Ajax, and Ruby on Rails being the headlines, as all three had huge years in terms of implementation and being squacked about. But these things, while interesting, aren’t really trends in the way that people are using the Web. Instead, they’re trends in building. Nothing illustrates the disparity between technology and usage more than the what Yahoo had to say in their October whitepaper: RSS-Crossing into the Mainstream. They claim that while over 1/4 of all Web users consume RSS in one way or another, only 4% know it.

So, in the spirit of usage I offer the following trends, focused on the way that those in the curve use the Web. Those ahead of the curve are probably on to whatever will get mainstream next year…

The Subscription Model

Through blog and news feeds we are learning the value of subscription on the Web. Borne out of our experiences with newspaper and magazine subscriptions, we’re subscribing to information sources that are as specialized as we want them to be. These are written not by professional writers in prestigous publications, but by folks whose passion or interest is their ticket to the show. Their writing, never as clean as what you’ll read in the Times or the Post, is always as interesting.

The subscription model is about getting content on your terms and not on somebody else’s. It’s a pull technology, so we only get content when we want it. This is unlike a push technology such as email, in which you’re damned if you ever give out your email address to the wrong person. The power of the model is apparent every time we open up a feed and view an item in its perfect plainness. Imagine being asked 3-4 years ago if people would stand to read content that is styled generically and with very little logo or branding to speak of. It would take a powerful model to convince us of that, but the subscription model does just that.

Attention and Gestures

Our attention is all we have. To give or to receive. To not give or to not receive. All other value flows downhill. Attention is two way on the Web, and we’re finding it increasingly difficult to keep our attention on any one thing long enough to learn what we need to learn before moving on. The statistic that the number of scientific journals doubles each 15 years is piddling. The number of blogs doubles in a matter of months.

Gestures, as it has been explained, are the unit of attention. In other words, you can measure attention by giving weight to and counting gestures. As Steve Gillmor is quick to point out, however, gestures include the negative as well as the positive. If I link to a web page, then that means something about how I value it. If I don’t link to a web page, that can mean something too, but it may be much harder to discern. Obviously, not linking to the billions of web sites out there doesn’t mean that I value each of them as equally worthless. I simply make no gesture toward them. No gesture is different than a negative gesture. But if I have the opportunity to link to something, and don’t, then that’s a gesture of inattention. Count up those and you’ve got yourself an interesting metric…

Identity

Another problem arising from the increasingly networked world we live in is how to model our identity online. Right now we’re modeling it so poorly that we really don’t have an online identity: we have our information spread across siloes of data on dozens of web sites. Since we can’t aggregate it all, if we needed to, then we really be identified by it in any general sense. The symptom that afflicts users is that we can’t remember the passwords for each site. The bigger problem is that our data is everywhere outside of our control. We should be in control of our own identity!

Startups like Sxip aim to solve this problem by creating a single datastore that allows people to identify themselves to a third party, choose what information to divulge, and when. There are several other initiatives as well. One thing I really like about what Google and Yahoo do is that I only have one username and password for all their services, and given that I use several of each it saves me a little headache. But it’s not yet one ring to rule them all.

Identity will become important when people realize that we should be in control of our own identity data, that signing into each site differently is not only difficult but backwards, and that we have power as buyers. Until then, we’ll probably all use two or three passwords for the 20 or 30 sites we log into, thus taxing our minds less but also lessening security benefits across the board.

To be continued…