Ah, the joys of being deep in the echo chamber. It's so hard to hear about anything else.
Ok, so maybe three people got the OpenStraw(man) joke yesterday. If you did, congratulations (and get help). Still, there's a lot of folks i happen to read that are talking about the New Socialism. (Marx 2.0, without that messy economic reform?)
This morning, i happened to read a post by He of the Woodcut Animals, Tim O'Reilly, that talked about tossing privacy out the window. Well, no, that's not what he said, but what he did talk about was the fact that he's got a good deal of information about himself published on various sites like flickr, facebook, linkedin, and all the other "social" sites and he wanted a way that said information could be shared. i'm also willing to believe that he's got various communities defined within his email, messenger apps, and all the other points of contact that are replicated online. He's quite right, it's a very rich seam of data that absolutely violates the Programming Principal of "Do Not Repeat Yourself". All the sites ask for pretty much the same information about schools, previous jobs, groups, other sites, and what not that would be fantastic to centralize to one location. Basically, a universal data set that would contain all the information you'd normally blurt over whatever social network du jour you wanted to join. In addition, one would assume that each social net would likewise allow you to export that data out on request.
"You want the published information about me? Here it is. Go Fetch!"
This, of course, strikes me as being both really useful and an insanely bad idea. Granted, most of the stuff that would show up here is crap that would be on your resume, but considering how much stuff folks are willing to divulge on-line, i'm not really sure having some, easy to parse file format is really that wonderful.
Whatever that data source happens to be, i'd want absolute, unforgivable control over it. No site could mine it without permission from me, and i'd want to be able to retract permission for any reason at any time. That means that those sites would not be caching that data (or it would expire in less than an hour). It also means that none of those sites could provide access to that data unless it was with my permission and went back to my One Source of Truth. What makes things bad is that said One Source of Truth would be absolutely hammered if i signed up for dozens and dozens of services that wanted access to that data, and since bandwidth ain't free, someone's got to pony up for those transfered MBs.
Of course having that rich seam of data makes stealing it wonderfully easy. Now identity thieves don't need to do a lot of messy research in order to do social engineering hacks to access your credit history, they just need to phish that data set and presto, you're on that fun-filled joy ride that is credit hell.
Thing is, i know that this sort of thing is coming. Hell, listening to the radio this morning, i heard one of those Perky Health Insurance companies talk about how much they love technology and said (and i'm not kidding) "We love the genius of the search engine." Folks, the one thing i don't want is my medical records showing up on Google, yet, i know that there are folks out there that would happily provide that information should some site ask for it.
i wonder when the Openness Backlash will start?
Hey let's tattoo our social security numbers to our arms so we never forget.
I want to be able to expose different parts of myself to different people. Wait, that came out wrong. I want to be able to create different profiles or personalities: business person, geek, friend, family member, etc. and have each profile expose different bits of information about me. Finally, I want to be able to choose which personality to use with which person or service is asking for information about me.
This is, as they say, a non-trivial problem.
See, I've thought about this Universal Log-in before and I think you're envisioning it backwards. Sites you try to create accounts for don't go and "fetch" your info, you select from pre-entered data and submit it to them, kinda like when you go off-site to make a PayPal payment.
Let's say you go to MyMarxism.com and fill out 15 different data sets - your mailing address, your online persona, favorite bands, sexual preferences, shoe size, etc. Now you want to create an account on FurryMatch.com and on their new accounts setup screen, above all of the form fields for info they want, is a button that says "I'm already signed up with MyMarxism.com!" You click that and it takes you back to MyMarxism.com and shows you what data FurryMatch.com is asking for. You can then peruse the answers you already gave MyMarxism, yay/nay/alter particular bits of info, and then click "OK, I'm Done" and presto! MyMarxism.com posts all of the approved info back to FurryMatch.com and you get an email from them confirming your account.
Data's all in one place, but you control who gets to "Fetch" it. Having a central bank of your info is bad news if you don't get to say who gets to read it.
Jim, with a central repository, I believe the general knowledge problem is trivial. It must be, because the population does it all the time, without thinking.
It's similar to user account management across a complex system. This group of "users" gets access to this tree, that tree, and maybe some of the other tree. Granulate control over whatever level you want.
Steveo - wow, you're on FurryMatch too? The problem there is what's described seems like a one-time data population, rather than an ever-maintained Oracle Of All Things Steveo. Certainly you could eventually agree on a complex system that allowed continuous data replication across far-flung, non-authoritarian systems, but… well… the FAA can't replace their existing ATC system and the SSN is too small. Odds of successful implementation and management are low.
callous, in my mind the issue isn't about if permission schemes are possible, it is one of managing the permissions. If somebody asks for my info, I have to decide what personality/profile I want to use (business, family, etc.) and notify the repository that I want to grant that person access to my information based on that profile's subset of information. The hard parts are (A) making the decision and (B) informing the system about the decision. In meatspace, that's easy: I use my brain to decide and my mouth to deliver the information. With a central repository, I have to be notified of the request for information, perhaps ask the requester some questions to determine what profile I want to use, and tell the repository to release the information.
Jim: The repository responds based on the request, which already contains the profile it is to use with that requester (either in the request, or stored for that requester). I see this - at the highest level - as being exactly the same as current profile management on any social network. Basically, you've already said that all Facebook default requests are of type "Fake friends".
That's the group-level stuff, for ease-of-management. The granularity comes with letting the repository know that requests from Person X overrides Group (social network) defaults and they get more/less. You would do this only with a subset people, and for easy management they would probably be handled as a subgroup rather than individuals. Subgroup "BFF" always get to see your e-mail address, for instance, in addition to the norms.
Then requesters (sites) simply send their request and the repository ID of the requester (all public key authenticated, probably) and the system responds. It's up to you to decide who gets what information, and at what level your trust ends. Your BFFs don't get your SSN, for instance, but maybe the group "Government Overlords" do. However, their queries never report your friends or hobbies.
Notification of requests and deciding on them is thus not required.
Rights expiry based on time or requests is also possible, and a good idea.
callous, thanks for your thoughtful replies. You've made me realize a key concept I've been missing: the use of different levels of granularity, and granting default rights based on large groups like The Latest Open (No, Really!) Shared Wowsy-Fun Social Network(tm).l
Save This Page
Can this be assured, even theoretically? (Suspected answer: No) Otherwise, for this to make sense, to get access to the data the receiver (data consuming service, ie: Facebork) would have to make an agreement to be wonderful and abide by all the rules, etc.
I think you could cryptographically get around the data caching problem, since you're in the business of trusting receivers anyway. But if you're trusting them, then a revocation bit should be sufficient, right? I mean, we all trust each other, right?
As millions if not billions of internet-naked people have discovered, once the data is out there, it's out. There is no claw-back.
As usual, the answer to any concerns about the cost of internet business is provided by the Great Giver Of Wealth, advertising - either on the front (ads) or back (data mining) ends.