The open, social web

I was in Europe for the past week and half, ending up in Leuven, Belgium to speak at the Twiist.be conference. The topic of my talk was “The Open, Social Web.” (PDF)

At first I struggled to develop a compelling or sensible narrative for the talk — as there is so much to it that I could probably give a dozen or more 45 minutes talks on the subject. With some long-distance encouragement from Brynn, I eventually arrived at the topic I wanted to cover that lead to a conclusion that has largely been implicit in my work so far.

Continue reading “The open, social web”

Comixology and the future of connected commerce

Custom Burger ReceiptIt dawned on me recently that, not only are we in a period of great change and transformation, but that those of us who have been working on the web to make it a more social and humane place have only barely begun the process of taking the “personality-ization” (not “personalization”) and connectedness that we take for granted on the web into the offline world.

All at once, my sense tell me that things coming to a head, and, as Om Malik pointed out, we are at the end of an era. It’s anyone’s guess how the next chapter of the social web will read, but a few experiences lately got me thinking.

A connected Apple experience

I first saw a glimmer of this when in Boston, shopping at the Apple store for a USB charger. Upon checkout, I was asked whether I wanted a print copy of my receipt or to have it emailed to me. Reluctant to explain the “+apple” in my email address, I hesitated for a moment but submitted: “by email.”

The Apple employee looked at his screen, read back my email address and said, “Is that correct?”

“Yeah…” I stammered, somewhat surprised. “It is.”

Of course all they did was correlate my credit card number to the email address I’d previously had my receipts sent to. When I was shopping in San Francisco. Here I was in Boston!

Apple had recorded my email, associated it with my credit card (perhaps more than one), and then shared it with all their stores, providing me with a specific kind of convenience that few other stores — at least that I know of — have attempted. (Aside: And don’t give me any buts about privacy and correlations and any of that bullshit. Privacy has a certain kind of value and importance, but I’ve heard so little vision out of privacy zealots that it’s time think about the other side of the coin.)

Now, that small example of convenience may not seem significant on the surface, but it does suggest that new connections — between the world of brick and mortar identity and the realm of digital identity — are emerging, creating new opportunities for creative commerce.

Comixology and Isotope

James Sime by Bryan Lee O'MalleyMy favorite comic book store is located in Hayes Valley in San Francisco. It’s run by James Sime — someone who belongs in comics, much moreso than he belongs selling them. His shop is called Isotope and every month or so, as time allows, I stop in to pick up my “subscriptions” — known in the comic book universe as my “pull list”.

The pull list is a simple concept, essentially a list of comic books that I want to set aside on an individual or ongoing basis — that I’ll come and pick up later. Since new books arrive every Wednesday, it’s not terribly efficient for me to drop in just to pick up one or two issues, so the pull list is the best way to make sure I don’t miss an issue while stretching the time between visits.

The pull list is also a kind of personal relationship: I trust James to not only grab the titles that I’ve explicitly asked for, but to also suggest new books that I might not otherwise learn about. He also has to set aside inventory that might otherwise be made available to his walk-in patrons — even though I might ultimately decide, “Y’know, I think I’ll pass on this one”, so in that way, he’s trusting me to be a reliable patron.

Some time ago, James told me about a dashboard widget that he had discovered that let him see what comics were coming out soon. I checked it out — but then forgot about it — preferring the high touch relationship I had of visiting the store and browsing the shelves.

On a recent visit, James told me that he’d actually been in touch with the makers of the widget and that they were collaborating on “something big.” Having personally introduced James to both Twitter and Foursquare, I was intrigued… I mean, James has long had a blog, has presented at a BarCamp — as comic book retailers go, he’s about as 2.0 as you can get. And since he knows what a big web dork I am, his excitement told me that he was indeed on to something.

“They have an iPhone app,” he began, “called Comixology. It’s like the dashboard widget, but get this: I’ve been working with them on a pilot to hook up my store to their website.”

“Ok,” I said.

“So go to their website and create an account. Then search for my store. You’ll see a button that says ‘connect’. Hit that. From then on, whenever you add something to your digital pull list on the Comixology service, I’ll see it and add a copy to your stack.”

Retail Connection

“Wow,” I thought, “this changes everything.”

Connected commerce, activity streams and the point

It isn’t that my Apple experience or the Comixology service is the answer to question “what is the future of retail?”, but they outline the contours of the nexus between the social web and the real world.

Given what I’ve been working on in a round-about way on the DiSo Project, it is so patently clear to me that where Apple connects a credit card number to an email address, I see an OpenID associated with a payment gateway and a transaction dropbox that happens to be hosted by Google (that is, my email); where James and Comixology see a contextualized relationship management and inventory tool, I see an iPhone application that lets me buy physical goods, connect to a real life merchant of my choosing (based on his high-touch service), and then communicate my tastes and purchases to my friends and fourth-party services through activity streams.

Imagine: after a month of so assembling a good sized pull list on Comixology.com, I visit Isotope and James presents my selections, suggesting a few new books I might be interested in. I agree to give them a try, he updates my pull list on his Mac through the Comixology site, immediately updating on my iPhone. I review the list — everything looks good — and tap the “checkout” button in the app. Pre-loaded funds are immediately withdrawn from my Apple iTunes account; James receives an instant payment confirmation and I can take my comics to go without having ever reached for my wallet. Walking out the door with my nose in my phone, I uncheck a few comics from my transaction history and send the rest to my activity broker — which in turn pushes updates out to Facebook, FriendFeed, and to anyone else who is subscribed to my comic book purchases (yeah, like two people) — and in turn, they take my social recommendations, applying James’, and add some of my picks to their respective pull lists.

The whole thing takes about three minutes, with room for salutations.

This is buyer-mediated commerce (contrary to vendor-mediated), or what I might call “connected commerce.” This is one potential future for platforms like Facebook Connect to get real, and where I think identity, social, commercial and location technology will begin to hit their stride.

Google Profiles, namespace lock-in & social search

I’d originally intended to respond to Joshua Schacter’s post about URL shorteners and how they’re merely the tip of the data iceberg, but since I missed that debate, Google has fortuitously plied me with an even better example by releasing custom profile URLs today.

My point is to reiterate one of Tim O’Reilly’s ever-prescient admonishments about Web 2.0: lock-in can be achieved through owning a namespace. In full:

5. Chief among the future sources of lock in and competitive advantage will be data, whether through increasing returns from user-generated data (eBay, Amazon reviews, audioscrobbler info in last.fm, email/IM/phone traffic data as soon as someone who owns a lot of that data figures out that’s how to use it to enable social networking apps, GPS and other location data), through owning a namespace (Gracenote/CDDB, Network Solutions), or through proprietary file formats (Microsoft Office, iTunes). (“Data is the Intel Inside”)

(I’ll note that the process of getting advantage from data isn’t necessary a case of companies being “evil.” It’s a natural outcome of network effects applied to user contribution. Being first or best, you will attract the most users, and if your application truly harnesses network effects to get better the more people use it, you will eventually build barriers to entry based purely on the difficulty of building another such database from the ground up when there’s already so much value somewhere else. (This is why no one has yet succeeded in displacing eBay. Once someone is at critical mass, it’s really hard to get people to try something else, even if the software is better.) The question of “don’t be evil” will come up when it’s clear that someone who has amassed this kind of market position has to decide what to do with it, and whether or not they stay open at that point.)

Consider two things:

Owning the “people” namespace will determine whether people see the web through Google’s technicolor glasses or Facebook’s more nuanced and monochrome blue hues.

Curiously, it has been (correctly) argued that Google “doesn’t get social”, a criticism that I generally support. And yet, with their move to more convenient profile URLs that point to profiles that aggregate content from across the web (beating Facebook to the punch), a bigger (albeit incomplete) picture begins to emerge.

When I blogged that my name is not a URL, I wasn’t so much arguing against vanity or custom profile URLs but instead making the point that such things really should go away over time, from a usability perspective.

Let me put it this way: at one point, if you weren’t in the Yellow Pages, you basically didn’t exist. Now imagine there being several competitors to the Yellow Pages — the Red, Green and Blue Pages — each maintaining overlapping but incomplete listings of people. You’re going to want to use the one that has the most complete, exhaustive and easy-to-use list of names, right? And, I bet beyond that, if one of them was able to make the people that you know and actually care about more accessible to you, you’d pick that one over all the others. And this is where owning — and getting people to “live in” — a namespace begins to reveal its significance.

Google Profile Search

So, it’s telling thing to look at Google and Facebook’s respective approaches to their people search engines and indexes. Indeed, having a readily accessible index of living persons — structured by their connections to one another — will become a necessary precondition to getting social search right (see Aardvark for a related approach, which connects to the Facebook and IM portions of your social graph to facilitate question answering).

As social search and living through your social graph becomes “the norm” (i.e. with increasing reliance on social filtering), Google and Facebook’s ability to create compelling experiences on top of data about you and who you know will come to define and differentiate them.

To date, Google’s profile search has been rather unloved and passed over, but with the new, more convenient profile URLs and the location of profile search at google.com/profiles, I suspect that Google is finally getting serious about social.

Compare Facebook and Google’s search results for my buddy, Dave Morin:

Facebook logged out:

Search Names: dave morin | Facebook

Facebook logged in:

Facebook | Search: dave morin

Google results (there’s no difference between logged in and logged out views):

Dave Morin - Google Profile Search

Notice the difference? See how much better Facebook’s search is because it knows which “Dave Morin” is my friend?

Now, consider the profile result when you click through:

Dave’s Facebook profile (logged out):

Dave Morin - San Francisco, CA | Facebook

(Facebook’s logged in profile view is as you’d expect — a typical Facebook profile with stream and wall.)

Now, here’s the clincher. Take a look at Google’s profile for Dave:

Dave Morin - Google Profile

Google is able to provide a much richer and simpler profile, that’s much more accessible (without requiring any kind of sign in) because they’ve radically simplified their privacy model on this page (show what you want, and nothing more). Indeed, Google’s made it easier for people to be open — at least with static information — than Facebook!

So much for Facebook’s claim to openness! 😉

Of course, default Google profiles are pretty sparse, but this is just the beginning. (Bonus: both Facebook and Google public profiles support the microformat!)

And the point is: where will you build your online identity? Under whose namespace do you want to exist? (Personally, I choose my own.)

Clearly the battle for the future of the social web is heating up in subtle but significant ways, and Google’s move today shouldn’t be thought of anything less than the opening salvo in moving the battle back to its turf: search.

Portable Profiles & Preferences on the Citizen-Centric Web

Loyalty Cards by Joe LoongLet me state the problem plainly: in order to provide better service, it helps to know more about your customer, so that you can more effectively anticipate and meet her needs.

But, pray tell, how do you learn about or solicit such information over the course of your first interaction? Moreover, how do you go about learning as much as you can, as quickly as you can, without making the request itself burdensome and off-putting?

Well, as obvious as it seems, the answer is to let her tell you.

The less obvious thing is how.

And that’s where user-centric (or citizen-centric) technologies offer the most promise.

It’s like this:

  • If you let someone use an account or ID that they already use regularly elsewhere, you will save them the hassle of having to create yet another account that works solely with your service;
  • following on that, an account that is reusable is more valuable, and its value can be further increased by attaching certain types of profile attributes to it that are commonly requested;
  • the more common it becomes to reuse an account, the more people will expect this convenience during new sign up experiences, ideally to the point of knowing how to ask for support for their preferred sign-in mechanism from the services that they use;
  • presuming that service providers’ desire for profile information and preferences will not decrease, it will become an added byproduct of user-centric authentication to be able to import such data from identity providers as it is available;
  • as customers realize the convenience of portable profile and preference data, savvy identity providers will make it easier to store and express a wider array of this data, and will subsequently work with relying parties to develop interoperable sign up flows and on ramps (see Google and Plaxo).

For this to work, the individual must be motivated to manage her profile information and preferences, which shouldn’t be hard as her data becomes increasingly reusable (sort once, reuse everywhere). Additionally, organizing, maintaining, and accruing this information becomes less onerous when it’s all in one place (or conveniently accessible through one central customer-picked source), as opposed to sharded across many accounts and unaffiliated services.

You can get similar functionality with form-filling software like 1Password except in the model I’m describing, the data travels with you — beyond the browser and off the desktop — to wherever you need it — because it is stored in the cloud.

As it becomes easier to store and share this information, I think more people will do this as a happenstance of using more social software — and will become acclimated to providing their friends and service providers with varying degrees of access to increasing amounts of personally describing data.

Companies that jump on this and make it easier for people to manage their profile and preference data will benefit — having access to more accurate, timely, and better-maintained information, leading to more personalized user experiences and accelerating the path to satisfaction.

Companies that do get this right will benefit from what is emerging as a new social contract. As a citizen of the web, if you let me manage my relationship with you, and make it easy for me to do so, giving me the choice of how and where I store my profile and preference data, I’ll be more likely, more willing, and more able to share it with you, in an ongoing fashion, increasingly as you use it to improve my experiences with you.

Does OpenID need to be hard?

Prompted by posts by Randy Reddig and Tony Stubblebine and a conversation with Elliott Kember, I wanted to address, yet again, the big fat stinking elephant in the room: OpenID usability and the paradox of choice.

Elliott proposed a pretty clear picture of what he thinks OpenID should look like on StackOverflow, given the relative value of each provider to him:

How OpenID should look, by Elliott Kember

Compare that to how it actually looks today:

Login or Register - Stack Overflow

I’m with him. I get it.

We’re at this crossroads where it really doesn’t matter which OpenID provider you use — because while it might save you the hassle of creating yet another password — there’s little else that you can do with an OpenID beyond that.

And, if you’ve already got more than one OpenID, not much exists to help you decide which OpenID provider you should use (many people tell me: “I hate OpenID! I’ve got like 15 OpenIDs and I never know which one to use!”).

So on the one hand, we’ve done a poor job of building out the value of using an OpenID, and on the other, have failed to explain what it means to have an OpenID (or several) or how to go about deciding which one to use and why (hat tip to OpenID Explained for taking a crack at it).

Meanwhile, there’s a tension between the convenience of having one reusable and durable identity against the desire to express many aspects of one’s identity with many separate IDs, resulting in complex user interfaces.

Fortunately, OpenID as a technology can serve both needs, but communicating and demonstrating that effectively has remained a challenge.

Putting OpenID in context

For my part, I’ve used the metaphor of credit cards to try to explain OpenID:

  • Online identity is moving from its “cash and check” era to the era of “credit cards”.

    Before the advent of charge cards, payment systems were decentralized — inefficient, cumbersome, and prone to fraud. There were a number of different, non-interoperable payment mechanisms that took 30+ years to get straightened out. Indeed, the credit card system that we take for granted today (so much so that airlines have moved to relying on them as the sole form of in-flight payment) only came about in the late 90s, a good 70 years after Western Union began issuing the first credit cards.

    Imagine OpenID taking 70 years to get mass adoption!!

    Taking this metaphor at face value, it’s clear that we’re in the neonatal stages of the build-out of the OpenID network and still have much work ahead of us. Fortunately, adoption cycles have also accelerated — I don’t have the actual numbers off-hand, but I can tell you that it took longer than four years to get the first 500 million credit card users!

  • As with credit cards, you can have as many OpenIDs as you like for different purposes. I presume that common divisions will fall along work, personal, and affinity lines:

    Credit cards

    …and of course there are cases I’ve not even considered yet

  • To close out this metaphor, picking an identity provider should be like picking a bank or credit card provider: as a fourth-party service provider that advocates for your interest, since you’re their customer! Today, to Elliott’s point, there are not many obvious differences between providers; over time, I expect this to change and for this relationship to become core to one’s experience on (and enjoyment of) the web.

    Instead of agreeing to terms of service that disclaim all responsibility to you, the customer, I hope that competition in the identity space will lead providers to actually take responsibility for their services — charging good money for doing so. If your account gets hacked — no problem! — your identity provider can put back the pieces and make things right again! You could even take out online identity insurance in case your identity is ever stolen — so you can always get back to your life and recover your data without the hassle and interruption when it happens today.

    Which credit card company would you give your business to? The one that automatically credits back false charges on your account and investigates them or the one that harasses you when you travel and presumes the worst of you? I know which one I’d pick — and I’d apply the same decision heuristics to whoever provides my online identity.

The OpenID “NASCAR”

Apart from confusion over having multiple OpenIDs, the user interface that has resulted from having many top-tier providers in the space also causes confusion.

nascar-babyElliott’s criticism of the StackOverflow OpenID interface is really aimed at the noise of the brand logos displayed as buttons — intended to help people sign in using an account they already have. This kind of interface is what Daniel Burka refers to as the “OpenID NASCAR” because all the logos look like a NASCAR racecar covered with brand stickers, all jockeying for your attention.

He’s got a point. Since he’s logging in with his Google account, he really only wants a Google button:

How OpenID should look, by Elliott Kember

For all he cares, it could look like this:

OpenID without choice

…and the result would be the same thing.

Indeed, it is this kind of lack of choice that makes Facebook Connect so seductively compelling.

And dangerous.

fbconnectIt’s a frigging button. You can’t mistake it. If you argued that reducing choice increases the likelihood that the user will “get it right” and be able to sign in to your site, you’d be correct.

But, that kind of restriction of freedom of choice impairs healthy competition in the marketplace. And lack of competition is, generally, bad for the health of an ecosystem, and ultimately bad for the consumer.

The harmony in the Yin & Yang of Simplicity and Choice

Ignoring your actual preference for Coke, if this were the universal experience for buying soda, one might argue that simplicity and fewer choices are better:

No Choice

But having choice is a better overall condition. Even when a popular brand is made more prominent, having alternatives means at least maintaining the illusion of control over one’s destiny:

Coke & Others

(Original photo by Bryan Costin shared under the Creative Commons license.)

So the question is, how can we simplify OpenID so that anyone can use it without reducing freedom of choice? Well, what if the backend technology was fundamentally interoperable, but every site simply supported a button, like this:

Uber-sign in button

…and upon clicking it, a new window would pop open and you’d be presented with a box, in which you could type just about anything: an email address, a URL, the name of a social network, your phone number… heck, you could even type your name (and if you were signed into a site like Facebook that leaks basic aspects of your identity), you could select yourself from a list of names and photos and then proceed through the typical OpenID flow to prove that you are who you are, completing the sign in process.

One problem that I’ve observed with OpenID input boxes, to date, is that they look far too similar to another solitary but familiar input box. Namely — the Google search box! …where anything goes:

Googlebox

Given the training that people have learned from using Google, we must balance the need for simplicity with the ability to make an informed personal choice about which identity to present to a site. Needs which are, in many respects, at odds. Yet, the future of OpenID depends on us unraveling these issues and developing suitable interfaces that are streamlined and straight-forward that also enhance individual freedom.

With the recently approved User Interface Working Group, headed up by Allen Tom from Yahoo!, and with the involvement of folks from Facebook and other organizations, I’m optimistic that we will make considerable progress this year.

And that ultimately, no, OpenID need not be hard. Making it so just won’t happen overnight.

One day left for early-bird discounts to the Internet Identity Workshop

Internet Identity WorkshopI’ll be attending the upcoming Internet Identity Workshop (IIW) May 1820, 2009 at the Computer History Museum in Mountain View, California. The event started in 2005 and has become a staple of the identity community over the past several years, contributing to the emergence of technologies like OpenID and OAuth.

This year’s event promises to continue the conversations begun at the first and second OpenID Design Summits, and will, for the first time, delve into some of the activity streams work with which I’ve been engaged for over a year now.

Through April 1, you can register to receive the early bird rate.

Considering the caliber of folks who will be in attendance and the importance of the work that gets done there, IIW is definitely an event worth attending!

My name is not a URL

Twitter / Mark Zuckerberg: Also just created a public ...

Arrington has a post that claims that Facebook is getting wise to something MySpace has known from the start – users love vanity URLs.

I don’t buy it. In fact, I’m pretty sure that the omission of vanity URLs on Facebook is an intentional design decision from the beginning, and one that I’ve learned to appreciate over time.

From what I’ve gathered, it was co-founder Dustin Moskovitz’s stubbornness that kept Facebook from allowing the use of pseudonymic usernames common on previous-generation social networks like AOL. Considering that Mark Zuckerberg’s plan is to build an online version of the relationships we have in real life, it only makes sense that we should, therefore, call our friends by their IRL names — not the ones left over or suggested by a computer.

But there’s actually something deeper going on here — something that I talked about at DrupalCon — because there are at least two good uses for letting people set their own vanity URLs — three if your service somehow surfaces usernames as an interface handle:

  1. Uniqueness and remembering
  2. Search engine optimization
  3. Facilitating member-to-member communication (as in the case of Twitter’s @replies)

For my own sake, I’ve lately begun decreasing the distance between my real identity and my online persona, switching from @factoryjoe to @chrismessina on Twitter. While there are plenty of folks who know me by my digital moniker, there are far more who don’t and shouldn’t need to in order to interact with me.

When considering SEO, it’s quite obvious that Google has already picked up on the correlation:

chris messina - Google Search

Ironically, in Dustin’s case (intentionally or not) he is not an authority for his own name on Google (despite the uniqueness of his name). Instead, semi-nefarious sites like Spock use SEO to get prominent placement for Dustin’s name (whether he likes it or not):

Dustin Moskovitz - Google Search

Finally, in cases like Twitter, IM or IRC, nicknames or handles are used explicitly to refer to other people on the system, even if (or especially if!) real identities are never revealed. While this separation can afford a number of perceived benefits, long-term it’s hard to quantify the net value of pseudonymity when most assholes on the web seem to act out most aggressively when shrouding their real names.

By shunning vanity URLs for its members, Facebook has achieved three things:

  1. Establishes a new baseline for transparent online identity
  2. Avoids the naming collision problem by scoping relationships within a person’s [reciprocal] social graph
  3. Upgrades expectations for human interaction on social websites

That everyone on Facebook has to use their real name (and Facebook will root out and disable accounts with pseudonyms), there’s a higher degree of accountability because legitimate users are forced to reveal who they are offline. No more “funnybunny345” or “daveman692” creeping around and leaving harassing wall posts on your profile; you know exactly who left the comment because their name is attached to their account.

Go through the comments on TechCrunch and compare those left by Facebook users with those left by everyone else. In my brief analysis, Facebook commenters tend to take their commenting more seriously. It’s not a guarantee, but there is definitely a correlation between durable identity and higher quality participation.

Now, one might point out that, without unique usernames, you’d end up with a bunch of name collisions — and you’d be right. However, combining search-by-email with profile photos largely eliminates this problem, and since Facebook requires bidirectional friendship confirmation, it’s going to be hard to get the wrong “Mike Smith” showing up in your social graph. So instead of futzing with (and probably forgetting) what strange username your friend uses, you can just search by (concept!) their real name using Facebook’s type-ahead find. And with autocompletion, you’ll never spell it wrong (of course Gmail has had this for ages as well).

Let me make a logical leap here and point out here that this is the new namespace — the human-friendly namespace — that Tim O’Reilly observed emerging when he defined Web 2.0, pointing out that a future source of lock-in would be “owning a namespace”. This is why location-based services are so hot. This is also why it matters who gets out in front first by developing a database of places named by humans — rather than by their official names. When it comes to search, search will get better when you can bound it — to the confluence of your known world and the known/colloquial world of your social graph.

When I was in San Diego a couple weeks back, it dawned on me that if I searched for “Joe’s Crab Shack”, no search engine on earth would be able to give me a satisfying result… unless it knew where I was. Or where I had been. Or, where my friends had been. This is where social search and computer-augmented social search becomes powerful (see Aardvark). Not just that, but this is where owning a database of given names tied to real things becomes hugely powerful (see Foursquare). This is where social objects with human-given names become the spimatic web.

So, as this plays out, success will find the designer who most nearly replicates the world offline online. Consider:

Twitter / Rear Adm. Monteiro: @mat and I are in the back ...

vs:

Facebook | @replies

and:

iChat

vs.

Facebook Chat

Ignoring content, it seems to me that the latter examples are much easier to grok without knowing anything about Facebook or Twitter — and are much closer approximations of real life.

Moreover, in EventBox, there is evidence that we truly are in a transitional period, where a large number of people still identity themselves or know their friends by usernames, but an increasing number of newcomers are more comfortable using real names (click to enlarge):

Eventbox Preferences

We’re only going to see more of this kind of thing, where the data-driven design approach will give way to a more overall humane aesthetic. It begins by calling people by the names we humans prefer to — and will always — use. And I think Facebook got it right by leaving out the vanity URLs.

BBC Digital Planet podcast featuring OpenID

Update: The BBC has posted a write-up of the report called Easy login plans gather pace.

Digital Planet album artworkI was interviewed by Gareth Mitchell last week about OpenID for the BBC’s Digital Planet podcast.

Our conversation lasted about 10 minutes — of which only about two minutes survived (mirrored here as they currently do not keep an archive of previous episodes).

It was a familiar conversation for me, since the primary concerns Gareth expressed had to do with privacy, identity and the notion that “someone else” could “own” another’s identity on the web. His premise sounded familiar: “Won’t OpenID make my identity more hackable?”

The answer, of course, isn’t that straight-forward, and depends on a lot of mitigating factors. However, the fundamental take-away is that OpenID really is no more insecure than email, and even then, provides a future-facing design that that leads to many kinds of protection that email, in practice, does not.

. . .

I’ve also noticed over the past several years that Europeans harbor much greater sensitivities to privacy issues while Americans tend to concentrate on matters concerning “property” (physical, personal and intellectual). This is evidenced by yesterday’s blow up around Facebook’s changes to their Terms of Service. On the one hand, there’s this weird American outcry against Facebook owning your data (in common, at least) forever. From the European side, it seems like the concern is centered more around what the changes mean to one’s privacy, rather than whether Facebook can perpetually “make money” off your stuff.

I bring this up because it’s immensely relevant with regards to the conversation I had with Gareth (given that he’s based in the UK).

With the current case, I’m sympathetic to Facebook, because I know that this will be the year that people have their “mindframes” bent around new conceptions of personal privacy and control and ownership of data. I believe (as Facebook purports to) that people’s desire to share will overcome their desire for control over their personal data, and that they will gradually realize that sharing will require letting go. It is this reality — the reality of networked data in the cloud — that necessitated Facebook’s change to their terms of service — not some nefarious desire to steal your first born (or your data).

In other words, the conditions and kind of thinking that lead to the backlash against Plaxo known as Scoblegate will cease to exist in the future. Facebook’s change is merely a recognition of this new environment.

It remains unclear to me whether the pundits in this space realize that this shift will occur, and will occur naturally (as it has already begun — consider the integration of Facebook and Flickr in iPhoto ’09), or whether they just want to scream and holler when they notice something that seems astray.

. . .

Last December, I spent time talking to Boaz Sender of HTML Times at length about several of these topics (including discussing the intellectual property issues surrounding many of the technologies that are helping to ensure that the web remain an open playing field) in an interview about Identity in the Network. In juxtaposition to my interview with the BBC, I think this interview gets into some of the deeper issues at work here that must also be considered when it comes to the future of online identity, privacy and data control and (co)-ownership.

This week in video: Facebook and the OpenID Design Workshop

http://www.viddler.com/player/423b8f4b/

Needless to say, it’s been a big week for the open web, with Facebook joining the OpenID Foundation and hosting an OpenID Design Workshop.

Above is the latest episode of theSocialWeb.tv called “An Open Discussion with Facebook”, filmed yesterday on location at Plaxo. John, Joseph and I talk about the week’s news with Dave Morin and Luke Shepard of Facebook, going into some detail about Facebook’s new emphasis on their open strategy.

OpenID Design Workshop

I also recorded a bunch of video from the OpenID Design Workshop (which John McCrea did a great job liveblogging):

video preview

OpenID Design Workshop Introductions

Luke Shepard and Dave Morin introduce the schedule for the day; individual attendee introductions.

video preview

Julie Zhou from Facebook presents on Facebook Connect

Julie presents the design thinking behind Facebook Connect. Slides.

video preview

Max Engel presents MySpace usability research

Max presents usability findings from research on connecting MySpace to other sites, like AOL. Slides.

video preview

Brian Ellin presents RPX and the history of OpenID interfaces

A look at the history of OpenID interfaces, with insights into what people type “into the box”. Slides.

video preview

Eric Sachs and Brian Kromrey present on federated login research/popup

Eric Sachs and Brian Kromrey talk about their work implementing OpenID and present the new popup flow. Slides.

video preview

Chris Messina presents on OpenID Contexts

I present on using OpenID in different contexts. Slides.

video preview

OpenID Provider Report Back

The results of the 2-hour OP breakout session.

video preview

OpenID Relying Party Report Back

The results of the 2-hour RP breakout session.

Jelly Talks

And there’s now video available from the conversation I had last week with Dave Morin on the inaugural episode of Jelly Talks:

Part 1: Facebook Connect & OpenID

http://d.yimg.com/cosmos.bcst.yahoo.com/up/fop/embedflv/swf/fop.swf

Part 2: Facebook Connect & OpenID – A Community Effort

http://d.yimg.com/cosmos.bcst.yahoo.com/up/fop/embedflv/swf/fop.swf

Part 3: Facebook Connect & OpenID – User Experience

http://d.yimg.com/cosmos.bcst.yahoo.com/up/fop/embedflv/swf/fop.swf

Part 4: Facebook Connect & OpenID – Q & A

http://d.yimg.com/m/up/fop/embedflv/swf/fop.swf

Welcoming Facebook to the OpenID Foundation

Facebook logoThe day after Facebook’s 5th birthday, I join David Recordon and the rest of the board of the OpenID Foundation in welcoming Facebook as our newest member, in rapid succession to Paypal just a few weeks ago. The significance of both of these companies investing in and becoming part of the OpenID family can not be understated.

I’m particularly excited that Facebook has joined after the conversation that Dave Morin and I had last Friday during our Jelly Talk. Dave and I were in vehement agreement about a lot of things, and tantamount was the need for the user experience of OpenID authentication to improve.

The crux of the issue is that with OpenID, choice is baked in, which is a good thing for the marketplace and ultimately a good thing for users. The problem is how this choice manifests itself in interfaces.

Facebook Connect is simple because there is no choice: you click a button. Of course, that button only works for the growing subset of the web who have Facebook accounts and want to share their Facebook identity with the web site displaying the button, but that’s why their experience trumps that of OpenID’s. If you take away user choice, everything becomes simple.

But I believe that we can do better than that, and that we can arrive at a satisfying user experience for OpenID that doesn’t necessarily have to dispense with choice. And from the sound of our conversation on Friday, and with Facebook’s membership in the OpenID Foundation, I believe that we now have a mandate to confront this challenge head-on, as a top priority.

To that end, Facebook will be hosting the second User Experience Summit for OpenID on February 10th. The goal is to convene some of the best designers that leading internet companies can muster, and bring them together to develop a series of guidelines, best practices, iterations, and interfaces for making OpenID not just suck less, but become a great experience (in same vein as the hybrid OpenID/OAuth flow that we saw from Plaxo and Google last week, and in line with Luke Shepard’s proposals for an OpenID popup).

Although Facebook has not announced any plans for implementing OpenID specificly, their commitment to help improve the user experience suggests to me that it’s only a matter of time before all of the major social networks, in some way, support OpenID. If there were any lingering doubts about the competition between Facebook Connect and OpenID, hopefully the outcome of a successful collaboration will put them to rest.