Facebook And Power.com: It's About Honoring Mutual Relationship Rights
In a recent post I outlined some perspectives on social graphs - namely, that a change in context and situation alters how relationship connections are manifested. After reading the recent news about Facebook and its suit against Power.com, the disagreement provides an almost perfect example. Power.com is positioning itself as a social aggregator, allowing users to collect information from multiple sites into one place. The argument is that this type of service makes it easier for people to have a "universal dashboard" of information. The individual who uses Power.com allows it to log onto other sites by providing their login ID and password. Power.com then is able to pull information from the site and create a common view of information across all the sites to which the user has allowed Power.com to log onto.
The site argues that this is approach is ok because (1) users have agreed to its terms of service and voluntarily provided their account information to Power.com (2) this approach is similar to other popular discovery methods that access contact and email information to locate people that someone might know. This viewpoint is summarized in the clip from a CNET article below.
Naill Kennedy contrasts the CNET perspective (that Facebook is reacting to pressure from competitors) with a perspective that is very close to my own (refer to the clip and citation link below the CNET article). Naill points out (correctly I believe ), that automatic importing of social information of your connections without notification (and perhaps permission or a way for the other party of restrict what information is aggregated into another context and situation) is flawed. I agree with Naill and I sincerely hope that Facebook not only wins its case but that other vendors support the suit's intent. My thoughts on this topic have been pretty consistent when you look at my earlier opinions posted in May 2008 ("Facebook Is Correct..." and "The Dawn Of Federated Social Networks?").
The issue has multiple facets. There is the obvious aspect of Power.com violating Facebook's terms of service. The other obvious item is that members of Power.com are violating the terms of service they agreed to when they became a member of Facebook. Perhaps the not so obvious issue relates to the rights and permission models of social connects between people and how that trust level relates to the site under which a connection is made (in this case Facebook) and the connection between the parties in real life. Facebook is acting to protect its own interests and probably the interests of its members who have some expectations that their information cannot be harvested - even by people to whom they have a connection with. The exception is that Facebook does not know whether individuals connected on Facebook have a shared relationship outside the context of its site and that both parties are ok with the exchange of social information in other situations.
Eventually, Facebook needs to better address portability of information when it comes to the individual and when connected parties consent to a particular type of data exchange. There likely needs to be some type of alert/notification with controls that people can apply to filter the type of data being exchanged. As I posted earlier, I believe Facebook Connect has some gaps either in its implementation or how it is implemented by third-parties (refer to this post - "When Work And Social Worlds Collide: Microsoft Outlook, Xobni & Facebook").
As far as the original "we're doing the same thing as other services do when they check email and contact information" - I think that feature also should require an opt-in capability. When you join a site, it should ask whether you want to be discovered by other people that have information about you (e.g., your email address).
Ultimately, this gets back to understanding and abiding by the terms of service of the site you join while also addressing the need for people to "own their data" - and that includes permission models when the data is jointly owned (mutual relationship rights). The pro/con's of this debate will be critical to understand not only to those covering social networking trends but also to those involved in identity management initiatives.
And while the disagreement between Facbook and Power.com falls into the consumer realm, the topics of permission models, mutual relationship rights, and identity are key issues IT strategists must focus on as a priority as they undertake social networking initiatives within the enterprise and/or pursue external efforts to interact with customers and other audiences via community and social network sites.
Facebook sues social-network aggregator Power.com | Webware - CNET
It's true that Power.com does its thing without consent from the sites and services it taps into. But a month ago, when the company was making its first big push into the U.S., CEO Steve Vachani told the Times that Power.com was in fine legal standing because it only accesses other sites' content when a user voluntarily logs in. He likened Power.com's actions to the way social networks import contact lists from e-mail services or the way Meebo accesses users' instant message accounts.
Facebook seems to be feeling the pressure from FriendFeed, Twitter, and other social sites du jour--doing its own compiling of third-party sites. In May, it added feeds from Google Reader, Hulu, Last.fm, Pandora, StumbleUpon, and YouTube into its Mini Feed service, which had already included Delicious, Digg, Flickr, Picasa, and Yelp. And in August it launched Live Feed, a real-time stream of everything your Facebook friends are doing on the site, giving users a more centralized way to track their contacts' activity.
A screenshot of Power.com before Facebook was removed from the site's offerings.
(Credit: Rafe Needleman/CNET Networks)
Facebook sues social-network aggregator Power.com | Webware - CNET
Facebook v. Power Ventures
Collecting Facebook usernames and passwords is at the heart of the dispute. Power.com impersonates a Facebook user after collecting their username and password. The site imports friends lists from Facebook and other social providers to create a meta profile for its over-networked members trying to keep their many personas in sync. Facebook Connect, announced in May and available for beta testing shortly after, provides account linking between Facebook and other sites, SSL transport, and friend imports. Facebook Connect limits the data flow of Facebook user data in ways a direct login would not. Power.com assumed full user powers as a remote agent of a Facebook user instead of an authorized proxy to accomplish its own goals and violated Facebook terms of service in the process.
....
Modern society mostly allows people to commit self-harm as long as that action is not also harming others. Facebook restricts access to another person's member data beyond the original intent that person's sharing. New data use must explicitly receive permission to participate in shared data beyond the walls of Facebook.com (you may invite me into this new context but I am not automatically imported). Data is shared within a friend context on Facebook with the understanding such information is protected and may be limited to only a group of approved friends. Once that friend data starts propagating outside its initial use (by a Facebook member or Facebook itself) the trust associated with sharing data is violated. If you have ever thought twice about posting an e-mail address on a web page out of fear of automated data harvesters you have experienced communicating with a known community of site visitors versus other uses. Facebook wants to be an identity hub of real data about real people and takes certain steps to protect that data exchange.
There is a simple solution to this: FaceBook should have a foaf URL for every user. This foaf URL should give minimal information about that person. When someone exports information, what they really should be able to do is export their relations to their friends (identified via their URLs). Then if any of those people trust the aggregator (power.com) they can individually give that aggreagator more information. By working by reference aggregators such as Power.com won't be needed anyway.
http://blogs.sun.com/bblfish/entry/foaf_ssl_adding_security_to
Posted by: Henry Story | January 05, 2009 at 04:45 AM
I noticed my name is misspelled here and on the cross-post to Burton Group.
Name is "Niall Kennedy" and not "Naill."
Thanks!
Posted by: Niall Kennedy | January 23, 2009 at 04:27 PM